Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
© 2018 Cisco Systems, Inc. All rights reserved.
CONTENTS
Layer 2 Configuration Guide, Cisco IOS XE Gibraltar 16.10.x (Catalyst 9400 Switches)
Disabling UplinkFast
Enabling BackboneFast
EtherChannel On Mode
Load-Balancing and Forwarding Methods
MAC Address Forwarding
IP Address Forwarding
Load-Balancing Advantages
EtherChannel and Device Stacks
Example: Configuring Underlay Transport (Unicast and Multicast) between all the VTEPs and the
Spine(s):
Example: Configuring eBGP with EVPN address family between the Spine(s) and VTEPs:
Example: Configuring NVE on all VTEPs
Example: Configuring L2VPN EVPN on VTEPs
Example: Configuring Access customer facing VLAN VTEPs
Example: Configuring additional VNI, EVI and VLAN on VTEPs
Example: Configuring IP VRF on VTEPs for Inter-VxLAN routing
Example: Configuring Access VLAN Interfaces (SVIs) on VTEPs
Example: Configuring additional L3-VNI in NVE interfaces
Example: Configuring Core-facing VLANs and VLAN Interfaces
Example: Configuring iBGP/IGP EVPN VxLAN design model
Example: Verifying L2/L3 VNI in NVE
Example: Verifying Multicast in multicast routing table
Example: Verifying EVPN Instance in EVPN Manager
Example: Verifying MAC Table
Example: Verifying MAC entries in EVPN Manager
Example: Verifying MAC routes in BGP
Example: Verifying MAC routes in Layer 2 Routing Information Base
Example: Verifying IP VRF with all SVIs
Example: Verifying MAC/IP entries in MAC VRFs (EVIs)
Example: Verifying Remote MAC/IP and IP Prefix routes in L3VNI (IP VRF)
Example: Verifying IP routes are installed in L3 VNI (IP VRF)
Example: Verifying MAC/IP entries in EVPN Manager
Example: Verifying MAC/IP routes in Layer 2 Routing Information Base
Feature History and Information for VXLAN BGP EVPN
CHAPTER 1
Configuring Spanning Tree Protocol
This chapter describes how to configure the Spanning Tree Protocol (STP) on port-based VLANs on the
Catalyst devices. The device can use either the per-VLAN spanning-tree plus (PVST+) protocol based on the
IEEE 802.1D standard and Cisco proprietary extensions, or the rapid per-VLAN spanning-tree plus
(rapid-PVST+) protocol based on the IEEE 802.1w standard. A switch stack appears as a single spanning-tree
node to the rest of the network, and all stack members use the same bridge ID.
• Restrictions for STP
• Information About Spanning Tree Protocol
• How to Configure Spanning-Tree Features
• Monitoring Spanning-Tree Status
• Additional References for Spanning-Tree Protocol
• Feature Information for STP
Spanning-Tree Topology and BPDUs
MAC addresses on multiple Layer 2 interfaces. These conditions result in an unstable network. Spanning-tree
operation is transparent to end stations, which cannot detect whether they are connected to a single LAN
segment or a switched LAN of multiple segments.
The STP uses a spanning-tree algorithm to select one device of a redundantly connected network as the root
of the spanning tree. The algorithm calculates the best loop-free path through a switched Layer 2 network by
assigning a role to each port based on the role of the port in the active topology:
• Root—A forwarding port elected for the spanning-tree topology
• Designated—A forwarding port elected for every switched LAN segment
• Alternate—A blocked port providing an alternate path to the root bridge in the spanning tree
• Backup—A blocked port in a loopback configuration
The device that has all of its ports as the designated role or as the backup role is the root device. The device
that has at least one of its ports in the designated role is called the designated device.
Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment in the spanning
tree fails and a redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topology and
activates the standby path. Devices send and receive spanning-tree frames, called bridge protocol data units
(BPDUs), at regular intervals. The devices do not forward these frames but use them to construct a loop-free
path. BPDUs contain information about the sending device and its ports, including device and MAC addresses,
device priority, port priority, and path cost. Spanning tree uses this information to elect the root device and
root port for the switched network and the root port and designated port for each switched segment.
When two ports on a device are part of a loop, the spanning-tree and path cost settings control which port is
put in the forwarding state and which is put in the blocking state. The spanning-tree port priority value
represents the location of a port in the network topology and how well it is located to pass traffic. The path
cost value represents the media speed.
Note: By default, the device sends keepalive messages (to ensure the connection is up) only on interfaces that do
not have small form-factor pluggable (SFP) modules. You can change the default for an interface by entering
the [no] keepalive interface configuration command with no keywords.
When the devices in a network are powered up, each functions as the root device. Each device sends a
configuration BPDU through all of its ports. The BPDUs communicate and compute the spanning-tree topology.
Each configuration BPDU contains this information:
• The unique bridge ID of the device that the sending device identifies as the root device
• The spanning-tree path cost to the root
When a device receives a configuration BPDU that contains superior information (lower bridge ID, lower
path cost, and so forth), it stores the information for that port. If this BPDU is received on the root port of the
device, the device also forwards it with an updated message to all attached LANs for which it is the designated
device.
If a device receives a configuration BPDU that contains inferior information to that currently stored for that
port, it discards the BPDU. If the device is a designated device for the LAN from which the inferior BPDU
was received, it sends that LAN a BPDU containing the up-to-date information stored for that port. In this
way, inferior information is discarded, and superior information is propagated on the network.
A BPDU exchange results in these actions:
• One device in the network is elected as the root device (the logical center of the spanning-tree topology
in a switched network). See the figure following the bullets.
For each VLAN, the device with the highest device priority (the lowest numerical priority value) is
elected as the root device. If all devices are configured with the default priority (32768), the device with
the lowest MAC address in the VLAN becomes the root device. The device priority value occupies the
most significant bits of the bridge ID, as shown in the following figure.
• A root port is selected for each device (except the root device). This port provides the best path (lowest
cost) when the device forwards packets to the root device.
When selecting the root port on a device stack, spanning tree follows this sequence:
• Selects the lowest root bridge ID
• Selects the lowest path cost to the root device
• Selects the lowest designated bridge ID
• Selects the lowest designated path cost
• Selects the lowest port ID
• Only one outgoing port on the stack root device is selected as the root port. The remaining devices in
the stack become its designated devices (Device 2 and Device 3) as shown in the following figure.
• The shortest distance to the root device is calculated for each device based on the path cost.
• A designated device for each LAN segment is selected. The designated device incurs the lowest path
cost when forwarding packets from that LAN to the root device. The port through which the designated
device is attached to the LAN is called the designated port.
Bridge ID, Device Priority, and Extended System ID
One stack member is elected as the stack root device. The stack root device contains the outgoing root port
(Device 1).
All paths that are not needed to reach the root device from anywhere in the switched network are placed in
the spanning-tree blocking mode.
Bit 16  Bit 15  Bit 14  Bit 13  Bit 12  Bit 11  Bit 10  Bit 9  Bit 8  Bit 7  Bit 6  Bit 5  Bit 4  Bit 3  Bit 2  Bit 1
Spanning tree uses the extended system ID, the device priority, and the allocated spanning-tree MAC address
to make the bridge ID unique for each VLAN.
Support for the extended system ID affects how you manually configure the root device, the secondary root
device, and the device priority of a VLAN. For example, when you change the device priority value, you
change the probability that the device will be elected as the root device. Configuring a higher value decreases
the probability; a lower value increases the probability.
If any root device for the specified VLAN has a device priority lower than 24576, the device sets its own
priority for the specified VLAN to 4096 less than the lowest device priority. 4096 is the value of the
least-significant bit of a 4-bit device priority value as shown in the table.
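The bridge ID layout, the root election and the root primary priority rule described above can be modelled as follows. This is an added example, not code from the Cisco guide: the function and class names are hypothetical, the MAC addresses are constructed, it assumes the 12-bit extended system ID carries the VLAN ID, and returning None when no lower priority step exists is this example's own choice.

```python
from dataclasses import dataclass

PRIORITY_STEP = 4096         # least-significant bit of the 4-bit device priority
DEFAULT_PRIORITY = 32768
ROOT_PRIMARY_TARGET = 24576  # value that "root primary" tries first


def mac_to_int(mac: str) -> int:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff notation."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str
    priority: int = DEFAULT_PRIORITY

    def priority_field(self, vlan: int) -> int:
        """16-bit field: bits 16-13 hold the priority, bits 12-1 the VLAN ID (assumed)."""
        if self.priority % PRIORITY_STEP or not 0 <= self.priority <= 61440:
            raise ValueError(f"{self.name}: priority must be a multiple of 4096 in 0-61440")
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID must be in 1-4094")
        return self.priority | vlan

    def bridge_id(self, vlan: int) -> int:
        """Bridge ID: priority field in the most significant bits, then the MAC."""
        return (self.priority_field(vlan) << 48) | mac_to_int(self.mac)


def split_priority_field(field: int):
    """Split a combined value such as 32788 into (device priority, VLAN ID)."""
    return field & 0xF000, field & 0x0FFF


def elect_root(bridges, vlan):
    """The numerically lowest bridge ID wins the election for this VLAN."""
    return min(bridges, key=lambda b: b.bridge_id(vlan))


def root_primary_priority(me, bridges, vlan):
    """Priority that the root primary rule quoted above selects for `me`.

    Returns None when the current root already uses priority 0, because no
    lower step exists (handling chosen for this example).
    """
    others = [b for b in bridges if b.name != me.name]
    if not others:
        return ROOT_PRIMARY_TARGET
    current_root = elect_root(others, vlan)
    candidate = Bridge(me.name, me.mac, ROOT_PRIMARY_TARGET)
    if candidate.bridge_id(vlan) < current_root.bridge_id(vlan):
        return ROOT_PRIMARY_TARGET          # 24576 is enough to win the election
    lower = current_root.priority - PRIORITY_STEP
    return lower if lower >= 0 else None    # 4096 less than the lowest priority


# Constructed sample topology: three devices at the default priority.
DEVICE_A = Bridge("Device A", "0000.5e00.5301")
DEVICE_B = Bridge("Device B", "0000.5e00.5302")
DEVICE_C = Bridge("Device C", "0000.5e00.5303")
TOPOLOGY = [DEVICE_A, DEVICE_B, DEVICE_C]

if __name__ == "__main__":
    vlan = 20
    root = elect_root(TOPOLOGY, vlan)
    print(f"VLAN {vlan} root: {root.name}, bridge ID {root.bridge_id(vlan):#018x}")
    print("priority field splits into", split_priority_field(root.priority_field(vlan)))
    print("root primary on Device B would set priority",
          root_primary_priority(DEVICE_B, TOPOLOGY, vlan))
```

Comparing the elected root per VLAN against the device you intended to be root is a quick way to spot an unplanned root change after a priority edit or a newly attached device.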
Blocking State
A Layer 2 interface in the blocking state does not participate in frame forwarding. After initialization, a BPDU
is sent to each device interface. A device initially functions as the root until it exchanges BPDUs with other
devices. This exchange establishes which device in the network is the root device. If there is only one
device in the network, no exchange occurs, the forward-delay timer expires, and the interface moves to the
listening state. An interface always enters the blocking state after device initialization.
An interface in the blocking state performs these functions:
• Discards frames received on the interface
• Discards frames switched from another interface for forwarding
• Does not learn addresses
• Receives BPDUs
Listening State
The listening state is the first state a Layer 2 interface enters after the blocking state. The interface enters this
state when the spanning tree decides that the interface should participate in frame forwarding.
An interface in the listening state performs these functions:
• Discards frames received on the interface
• Discards frames switched from another interface for forwarding
• Does not learn addresses
• Receives BPDUs
Learning State
A Layer 2 interface in the learning state prepares to participate in frame forwarding. The interface enters the
learning state from the listening state.
An interface in the learning state performs these functions:
• Discards frames received on the interface
• Discards frames switched from another interface for forwarding
• Learns addresses
• Receives BPDUs
Forwarding State
A Layer 2 interface in the forwarding state forwards frames. The interface enters the forwarding state from
the learning state.
An interface in the forwarding state performs these functions:
• Receives and forwards frames received on the interface
• Forwards frames switched from another interface
• Learns addresses
• Receives BPDUs
Disabled State
A Layer 2 interface in the disabled state does not participate in frame forwarding or in the spanning tree. An
interface in the disabled state is nonoperational.
A disabled interface performs these functions:
• Discards frames received on the interface
• Discards frames switched from another interface for forwarding
• Does not learn addresses
How a Device or Port Becomes the Root Device or Root Port
Device A is elected as the root device because the device priority of all the devices is set to the default (32768)
and Device A has the lowest MAC address. However, because of traffic patterns, number of forwarding
interfaces, or link types, Device A might not be the ideal root device. By increasing the priority (lowering the
numerical value) of the ideal device so that it becomes the root device, you force a spanning-tree recalculation
You can create a redundant backbone with spanning tree by connecting two device interfaces to another device
or to two different devices. Spanning tree automatically disables one interface but enables it if the other one
fails. If one link is high-speed and the other is low-speed, the low-speed link is always disabled. If the speeds
are the same, the port priority and port ID are added together, and spanning tree disables the link with the
highest value.
You can also create redundant links between devices by using EtherChannel groups.
device propagates the spanning-tree information associated with that VLAN to all other devices in the
network. Because each device has the same information about the network, this process ensures that the
network topology is maintained.
• Rapid PVST+—Rapid PVST+ is the default STP mode on your device. This spanning-tree mode is the
same as PVST+ except that it uses a rapid convergence based on the IEEE 802.1w standard. To provide
rapid convergence, the Rapid PVST+ immediately deletes dynamically learned MAC address entries on
a per-port basis upon receiving a topology change. By contrast, PVST+ uses a short aging time for
dynamically learned MAC address entries.
Rapid PVST+ uses the same configuration as PVST+ (except where noted), and the device needs only
minimal extra configuration. The benefit of Rapid PVST+ is that you can migrate a large PVST+ install
base to Rapid PVST+ without having to learn the complexities of the Multiple Spanning Tree Protocol
(MSTP) configuration and without having to reprovision your network. In Rapid PVST+ mode, each
VLAN runs its own spanning-tree instance up to the maximum supported.
• MSTP—This spanning-tree mode is based on the IEEE 802.1s standard. You can map multiple VLANs
to the same spanning-tree instance, which reduces the number of spanning-tree instances required to
support a large number of VLANs. The MSTP runs on top of the RSTP (based on IEEE 802.1w), which
provides for rapid convergence of the spanning tree by eliminating the forward delay and by quickly
transitioning root ports and designated ports to the forwarding state. In a device stack, the cross-stack
rapid transition (CSRT) feature performs the same function as RSTP. You cannot run MSTP without
RSTP or CSRT.
How to Configure Spanning-Tree Features
Note: Beginning in Cisco IOS Release 15.2(4)E, the default STP mode is Rapid PVST+.
Changing the Spanning-Tree Mode
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree mode {pvst | mst | rapid-pvst}
4. interface interface-id
5. spanning-tree link-type point-to-point
6. end
7. clear spanning-tree detected-protocols
DETAILED STEPS
Device> enable
Step 5 spanning-tree link-type point-to-point
Specifies that the link type for this port is point-to-point. If you connect this port (local port) to a
remote port through a point-to-point link and the local port becomes a designated port, the device
negotiates with the remote port and rapidly changes the local port to the forwarding state.
Example:
Device(config-if)# spanning-tree link-type point-to-point
Device(config-if)# end
Step 7 clear spanning-tree detected-protocols
If any port on the device is connected to a port on a legacy IEEE 802.1D device, this command restarts
the protocol migration process on the entire device. This step is optional if the designated device
detects that this device is running rapid PVST+.
Example:
Device# clear spanning-tree detected-protocols
Disabling Spanning Tree
Caution: When spanning tree is disabled and loops are present in the topology, excessive traffic and indefinite packet
duplication can drastically reduce network performance.
SUMMARY STEPS
1. enable
2. configure terminal
3. no spanning-tree vlan vlan-id
4. end
DETAILED STEPS
Device> enable
Device(config)# end
Configuring the Root Device
value. When you enter this command, the software checks the device priority of the root devices for each
VLAN. Because of the extended system ID support, the device sets its own priority for the specified VLAN
to 24576 if this value will cause this device to become the root for the specified VLAN.
Use the diameter keyword to specify the Layer 2 network diameter (that is, the maximum number of device
hops between any two end stations in the Layer 2 network). When you specify the network diameter, the
device automatically sets an optimal hello time, forward-delay time, and maximum-age time for a network
of that diameter, which can significantly reduce the convergence time. You can use the hello keyword to
override the automatically calculated hello time.
This procedure is optional.
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree vlan vlan-id root primary [diameter net-diameter]
4. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree vlan vlan-id root primary [diameter net-diameter]
Configures a device to become the root for the specified VLAN.
• For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated
by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
• (Optional) For diameter net-diameter, specify the maximum number of devices between any two end
stations. The range is 2 to 7.
Example:
Device(config)# spanning-tree vlan 20-24 root primary diameter 4
Device(config)# end
What to do next
After configuring the device as the root device, we recommend that you avoid manually configuring the hello
time, forward-delay time, and maximum-age time through the spanning-tree vlan vlan-id hello-time,
spanning-tree vlan vlan-id forward-time, and the spanning-tree vlan vlan-id max-age global configuration
commands.
Configuring a Secondary Root Device
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree vlan vlan-id root secondary [diameter net-diameter]
4. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree vlan vlan-id root secondary [diameter net-diameter]
Configures a device to become the secondary root for the specified VLAN.
• For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated
by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
Use the same network diameter value that you used when configuring the primary root device.
Example:
Device(config)# spanning-tree vlan 20-24 root secondary diameter 4
Device(config)# end
Configuring Port Priority
Note: If your device is a member of a device stack, you must use the spanning-tree [vlan vlan-id] cost cost interface
configuration command instead of the spanning-tree [vlan vlan-id] port-priority priority interface
configuration command to select an interface to put in the forwarding state. Assign lower cost values to
interfaces that you want selected first and higher cost values to interfaces that you want selected last.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. spanning-tree port-priority priority
5. spanning-tree vlan vlan-id port-priority priority
6. end
DETAILED STEPS
Device> enable
Step 4 spanning-tree port-priority priority
Configures the port priority for an interface. For priority, the range is 0 to 240, in increments of 16; the
default is 128. Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240.
All other values are rejected. The lower the number, the higher the priority.
Example:
Device(config-if)# spanning-tree port-priority 0
Step 5 spanning-tree vlan vlan-id port-priority priority
Configures the port priority for a VLAN.
• For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated
by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
• For priority, the range is 0 to 240, in increments of 16; the default is 128. Valid values are 0, 16, 32,
48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. All other values are rejected. The lower
the number, the higher the priority.
Example:
Device(config-if)# spanning-tree vlan 20-25 port-priority 0
Device(config-if)# end
Configuring Path Cost
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. spanning-tree cost cost
5. spanning-tree vlan vlan-id cost cost
6. end
DETAILED STEPS
Device> enable
Step 5 spanning-tree vlan vlan-id cost cost
Configures the cost for a VLAN. If a loop occurs, spanning tree uses the path cost when selecting an
interface to place into the forwarding state. A lower path cost represents higher-speed transmission.
• For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated
by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
• For cost, the range is 1 to 200000000; the default value is derived from the media speed of the interface.
Example:
Device(config-if)# spanning-tree vlan 10,12-15,20 cost 300
Device(config-if)# end
The show spanning-tree interface interface-id privileged EXEC command displays information only for
ports that are in a link-up operative state. Otherwise, you can use the show running-config privileged EXEC
command to confirm the configuration.
Configuring the Device Priority of a VLAN
Note: Exercise care when using this command. For most situations, we recommend that you use the spanning-tree
vlan vlan-id root primary and the spanning-tree vlan vlan-id root secondary global configuration commands
to modify the device priority.
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree vlan vlan-id priority priority
4. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree vlan vlan-id priority priority
Configures the device priority of a VLAN.
• For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated
by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
• For priority, the range is 0 to 61440 in increments of 4096; the default is 32768. The lower the number,
the more likely the device will be chosen as the root device.
Valid priority values are 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056,
49152, 53248, 57344, and 61440. All other values are rejected.
Example:
Device(config)# spanning-tree vlan 20 priority 8192
Device(config-if)# end
Configuring the Hello Time
SUMMARY STEPS
1. enable
2. spanning-tree vlan vlan-id hello-time seconds
3. end
DETAILED STEPS
Device> enable
Step 2 spanning-tree vlan vlan-id hello-time seconds
Configures the hello time of a VLAN. The hello time is the time interval between configuration messages
generated and sent by the root device. These messages mean that the device is alive.
• For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated
by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
• For seconds, the range is 1 to 10; the default is 2.
Example:
Device(config)# spanning-tree vlan 20-24 hello-time 3
Device(config-if)# end
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree vlan vlan-id forward-time seconds
4. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree vlan vlan-id forward-time seconds
Configures the forward time of a VLAN. The forwarding delay is the number of seconds an interface waits
before changing from its spanning-tree learning and listening states to the forwarding state.
• For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated
by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
• For seconds, the range is 4 to 30; the default is 15.
Example:
Device(config)# spanning-tree vlan 20,25 forward-time 18
Device(config)# end
Configuring the Maximum-Aging Time for a VLAN
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree vlan vlan-id max-age seconds
4. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree vlan vlan-id max-age seconds
Configures the maximum-aging time of a VLAN. The maximum-aging time is the number of seconds a device
waits without receiving spanning-tree configuration messages before attempting a reconfiguration.
• For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated
by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
• For seconds, the range is 6 to 40; the default is 20.
Example:
Device(config)# spanning-tree vlan 20 max-age 30
Device(config-if)# end
Configuring the Transmit Hold-Count
Note: Changing this parameter to a higher value can have a significant impact on CPU utilization, especially in
Rapid PVST+ mode. Lowering this value can slow down convergence in certain scenarios. We recommend
that you maintain the default setting.
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree transmit hold-count value
4. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree transmit hold-count value
Configures the number of BPDUs that can be sent before pausing for 1 second. For value, the range is
1 to 20; the default is 6.
Example:
Device(config)# spanning-tree transmit hold-count 6
Device(config)# end
Monitoring Spanning-Tree Status
show spanning-tree vlan vlan-id: Displays spanning-tree information for the specified VLAN.
show spanning-tree interface interface-id: Displays spanning-tree information for the specified interface.
show spanning-tree interface interface-id portfast: Displays spanning-tree portfast information for the
specified interface.
show spanning-tree summary [totals]: Displays a summary of interface states or displays the total lines of
the STP state section.
To clear spanning-tree counters, use the clear spanning-tree [interface interface-id] privileged EXEC
command.
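The value ranges given in the procedures above can be checked mechanically before a change is pushed to a device. The following is an added example, not part of the Cisco guide: the function names and the sample command list are constructed, and priority 0 is accepted because the stated range starts at 0.

```python
import re

VLAN_IDS = range(1, 4095)   # valid VLAN IDs are 1 to 4094
MODES = {"pvst", "mst", "rapid-pvst"}


def parse_vlan_list(text):
    """Expand '10,12-15,20' into sorted VLAN IDs; ValueError outside 1-4094."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if lo > hi or lo not in VLAN_IDS or hi not in VLAN_IDS:
            raise ValueError(f"VLAN range {part!r} is outside 1-4094")
        vlans.update(range(lo, hi + 1))
    return sorted(vlans)


def stepped(lo, hi, step=1):
    """Validator for an integer range with a fixed increment."""
    return lambda value: lo <= value <= hi and value % step == 0


# keyword -> (validator, rule text); limits are the ones stated in this chapter
RULES = {
    "priority": (stepped(0, 61440, 4096), "0-61440 in increments of 4096"),
    "port-priority": (stepped(0, 240, 16), "0-240 in increments of 16"),
    "cost": (stepped(1, 200_000_000), "1-200000000"),
    "hello-time": (stepped(1, 10), "1-10 seconds"),
    "forward-time": (stepped(4, 30), "4-30 seconds"),
    "max-age": (stepped(6, 40), "6-40 seconds"),
    "diameter": (stepped(2, 7), "2-7"),
    "hold-count": (stepped(1, 20), "1-20"),
}


def lint_stp(config_text):
    """Return (line number, message) for each spanning-tree line that breaks a rule."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        match = re.match(r"(no )?spanning-tree (.*)", raw.strip())
        if not match:
            continue
        negated, tokens = bool(match.group(1)), match.group(2).split()
        if tokens[:1] == ["vlan"] and len(tokens) >= 2:
            try:
                parse_vlan_list(tokens[1])
            except ValueError as exc:
                findings.append((lineno, str(exc)))
                continue
            if negated and len(tokens) == 2:
                findings.append((lineno, f"spanning tree disabled on VLAN {tokens[1]}; "
                                         "loops in this VLAN will not be blocked"))
                continue
            tokens = tokens[2:]
        if negated:
            continue
        if tokens[:1] == ["mode"]:
            if tokens[1:2] and tokens[1] not in MODES:
                findings.append((lineno, f"unknown mode {tokens[1]!r}"))
            continue
        # Remaining tokens are keyword/value pairs, e.g. "root primary diameter 4".
        for key, value in zip(tokens, tokens[1:]):
            if key not in RULES:
                continue
            check, rule = RULES[key]
            if not value.isdigit() or not check(int(value)):
                findings.append((lineno, f"{key} {value} is invalid; allowed: {rule}"))
    return findings


# Constructed sample: commands as they would be entered, some deliberately wrong.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree vlan 20-24 root primary diameter 4
spanning-tree vlan 20 priority 8192
spanning-tree vlan 30 priority 5000
spanning-tree vlan 20,25 forward-time 18
spanning-tree vlan 20 max-age 45
spanning-tree vlan 20-24 hello-time 3
spanning-tree transmit hold-count 6
no spanning-tree vlan 40
interface GigabitEthernet1/0/1
 spanning-tree port-priority 100
 spanning-tree vlan 10,12-15,20 cost 300
 spanning-tree link-type point-to-point
spanning-tree vlan 4095 priority 4096
"""

if __name__ == "__main__":
    for lineno, message in lint_stp(SAMPLE_CONFIG):
        print(f"line {lineno}: {message}")
```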
CHAPTER 2
Configuring Multiple Spanning-Tree Protocol
• Finding Feature Information
• Prerequisites for MSTP
• Restrictions for MSTP
• Information About MSTP
• How to Configure MSTP Features
• Additional References for MSTP
• Feature Information for MSTP
Restrictions for MSTP
contained within the MST cloud than a path through the PVST+ or rapid-PVST+ cloud. You might have
to manually configure the devices in the clouds.
MSTP Configuration Guidelines
the fault tolerance of the network because a failure in one instance (forwarding path) does not affect other
instances (forwarding paths).
Note: The multiple spanning-tree (MST) implementation is based on the IEEE 802.1s standard.
The most common initial deployment of MSTP is in the backbone and distribution layers of a Layer 2 switched
network. This deployment provides the highly available network required in a service-provider environment.
When the device is in the MST mode, the RSTP, which is based on IEEE 802.1w, is automatically enabled.
The RSTP provides rapid convergence of the spanning tree through explicit handshaking that eliminates the
IEEE 802.1D forwarding delay and quickly transitions root ports and designated ports to the forwarding state.
Both MSTP and RSTP improve the spanning-tree operation and maintain backward compatibility with
equipment that is based on the (original) IEEE 802.1D spanning tree, with existing Cisco-proprietary Multiple
Instance STP (MISTP), and with existing Cisco PVST+ and rapid per-VLAN spanning-tree plus (Rapid
PVST+).
A device stack appears as a single spanning-tree node to the rest of the network, and all stack members use
the same device ID.
10 Mb/s 2,000,000
1 Gb/s 20,000
10 Gb/s 2,000
Root Switch
The device maintains a spanning-tree instance for the group of VLANs mapped to it. A device ID, consisting
of the device priority and the device MAC address, is associated with each instance. For a group of VLANs,
the device with the lowest device ID becomes the root device.
When you configure a device as the root, you modify the device priority from the default value (32768) to a
significantly lower value so that the device becomes the root device for the specified spanning-tree instance.
When you enter this command, the device checks the device priorities of the root devices. Because of the
extended system ID support, the device sets its own priority for the specified instance to 24576 if this value
will cause this device to become the root for the specified spanning-tree instance.
If any root device for the specified instance has a device priority lower than 24576, the device sets its own
priority to 4096 less than the lowest device priority. (4096 is the value of the least-significant bit of a 4-bit
device priority value.) For more information, select the "Bridge ID, Device Priority, and Extended System ID"
link in Related Topics.
If your network consists of devices that support and do not support the extended system ID, it is unlikely that
the device with the extended system ID support will become the root device. The extended system ID increases
the device priority value every time the VLAN number is greater than the priority of the connected switches
running older software.
The root device for each spanning-tree instance should be a backbone or distribution device. Do not configure
an access device as the spanning-tree primary root.
Use the diameter keyword, which is available only for MST instance 0, to specify the Layer 2 network
diameter (that is, the maximum number of device hops between any two end stations in the Layer 2 network).
When you specify the network diameter, the device automatically sets an optimal hello time, forward-delay
time, and maximum-age time for a network of that diameter, which can significantly reduce the convergence
time. You can use the hello keyword to override the automatically calculated hello time.
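The lowest-device-ID election and the priority selection described above, as an added example (not Cisco's code). The function names, device names and MAC addresses are constructed; resolving a tie at 24576 by MAC address and failing when another device already uses priority 0 are assumptions the guide does not spell out.

```python
# Added example: models the root election and the priority that
# "spanning-tree mst <instance-id> root primary" selects, per this guide.
STEP = 4096            # least-significant bit of the 4-bit priority field
ROOT_PRIMARY = 24576   # value the guide says the device tries first
VALID_PRIORITIES = range(0, 61441, STEP)


def device_id(priority, mac):
    """Sortable device ID: priority first, then MAC address (lower wins)."""
    if priority not in VALID_PRIORITIES:
        raise ValueError(f"{priority} is not a multiple of 4096 in 0..61440")
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(devices):
    """devices: {name: (priority, mac)} for one spanning-tree instance."""
    return min(devices, key=lambda name: device_id(*devices[name]))


def root_primary_priority(local_mac, others):
    """Priority the local device takes so that it wins the election."""
    at_target = device_id(ROOT_PRIMARY, local_mac)
    if all(at_target < device_id(p, m) for p, m in others.values()):
        return ROOT_PRIMARY
    lowest = min(p for p, _ in others.values())
    if lowest == 0:
        # Assumption: nothing below 0 exists, so the request cannot succeed.
        raise ValueError("a device already uses priority 0")
    return lowest - STEP


def audit_root(devices, intended_root):
    """Return None if the intended device is root, else the actual root."""
    actual = elect_root(devices)
    return None if actual == intended_root else actual


# Constructed sample topology: every device still has the default priority,
# so the lowest MAC address decides, and here that is an access device.
SAMPLE = {
    "dist-1": (32768, "00:1a:2b:00:00:10"),
    "dist-2": (32768, "00:1a:2b:00:00:20"),
    "access-7": (32768, "00:1a:2b:00:00:05"),
}

if __name__ == "__main__":
    print("root with defaults:", elect_root(SAMPLE))
    others = {k: v for k, v in SAMPLE.items() if k != "dist-1"}
    new_prio = root_primary_priority(SAMPLE["dist-1"][1], others)
    fixed = dict(SAMPLE, **{"dist-1": (new_prio, SAMPLE["dist-1"][1])})
    print("dist-1 as root primary:", new_prio, "root:", elect_root(fixed))
    print("audit:", audit_root(fixed, "dist-1"))
```

Running audit_root against the device IDs seen in the network shows when a device other than the intended backbone or distribution device would win the election.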
All MST instances within the same region share the same protocol timers, but each MST instance has
its own topology parameters, such as root device ID, root path cost, and so forth. By default, all VLANs
are assigned to the IST.
An MST instance is local to the region; for example, MST instance 1 in region A is independent of MST
instance 1 in region B, even if regions A and B are interconnected.
• A common and internal spanning tree (CIST), which is a collection of the ISTs in each MST region, and
the common spanning tree (CST) that interconnects the MST regions and single spanning trees.
The spanning tree computed in a region appears as a subtree in the CST that encompasses the entire
switched domain. The CIST is formed by the spanning-tree algorithm running among switches that
support the IEEE 802.1w, IEEE 802.1s, and IEEE 802.1D standards. The CIST inside an MST region
is the same as the CST outside a region.
IEEE 802.1s Terminology
CIST internal root path cost    IST master path cost    CIST internal path cost
CIST external root path cost    Root path cost          Root path cost
MSTI internal root path cost    Root path cost          Root path cost
Hop Count
The IST and MST instances do not use the message-age and maximum-age information in the configuration
BPDU to compute the spanning-tree topology. Instead, they use the path cost to the root and a hop-count
mechanism similar to the IP time-to-live (TTL) mechanism.
By using the spanning-tree mst max-hops global configuration command, you can configure the maximum
hops inside the region and apply it to the IST and all MST instances in that region. The hop count achieves
the same result as the message-age information (triggers a reconfiguration). The root device of the instance
always sends a BPDU (or M-record) with a cost of 0 and the hop count set to the maximum value. When a
device receives this BPDU, it decrements the received remaining hop count by one and propagates this value
as the remaining hop count in the BPDUs it generates. When the count reaches zero, the device discards the
BPDU and ages the information held for the port.
The message-age and maximum-age information in the RSTP portion of the BPDU remains the same throughout
the region, and the same values are propagated by the region designated ports at the boundary.
Boundary Ports
In the Cisco prestandard implementation, a boundary port connects an MST region to a single spanning-tree
region running RSTP, to a single spanning-tree region running PVST+ or rapid PVST+, or to another MST
region with a different MST configuration. A boundary port also connects to a LAN, the designated device
of which is either a single spanning-tree device or a device with a different MST configuration.
There is no definition of a boundary port in the IEEE 802.1s standard. The IEEE 802.1Q-2002 standard
identifies two kinds of messages that a port can receive:
• internal (coming from the same region)
• external (coming from another region)
When a message is internal, the CIST part is received by the CIST, and each MST instance receives its
respective M-record.
When a message is external, it is received only by the CIST. If the CIST role is root or alternate, or if the
external BPDU is a topology change, it could have an impact on the MST instances.
An MST region includes both devices and LANs. A segment belongs to the region of its designated port.
Therefore, a port in a different region than the designated port for a segment is a boundary port. This definition
allows two ports internal to a region to share a segment with a port belonging to a different region, creating
the possibility of a port receiving both internal and external messages.
The primary change from the Cisco prestandard implementation is that a designated port is not defined as
boundary, unless it is running in an STP-compatible mode.
Note: If there is a legacy STP device on the segment, messages are always considered external.
The other change from the Cisco prestandard implementation is that the CIST regional root device ID field
is now inserted where an RSTP or legacy IEEE 802.1Q device has the sender device ID. The whole region
performs like a single virtual device by sending a consistent sender device ID to neighboring devices. In this
example, device C would receive a BPDU with the same consistent sender device ID of root, whether or not
A or B is designated for the segment.
Interoperation Between Legacy and Standard Devices
Assume that A is a standard device and B a prestandard device, both configured to be in the same region. A
is the root device for the CIST, and B has a root port (BX) on segment X and an alternate port (BY) on segment
Y. If segment Y flaps, and the port on BY becomes the alternate before sending out a single prestandard
BPDU, AY cannot detect that a prestandard device is connected to Y and continues to send standard BPDUs.
The port BY is fixed in a boundary, and no load balancing is possible between A and B. The same problem
exists on segment X, but B might transmit topology changes.
Note: We recommend that you minimize the interaction between standard and prestandard MST implementations.
This figure illustrates a unidirectional link failure that typically creates a bridging loop. Device A is the root
device, and its BPDUs are lost on the link leading to device B. RSTP and MST BPDUs include the role and
state of the sending port. With this information, device A can detect that device B does not react to the superior
BPDUs it sends and that device B is the designated, not root device. As a result, device A blocks (or keeps
RSTP Overview
The RSTP takes advantage of point-to-point wiring and provides rapid convergence of the spanning tree.
Reconfiguration of the spanning tree can occur in less than 1 second (in contrast to 50 seconds with the default
settings in the IEEE 802.1D spanning tree).
• Root port—Provides the best path (lowest cost) when the device forwards packets to the root device.
• Designated port—Connects to the designated device, which incurs the lowest path cost when forwarding
packets from that LAN to the root device. The port through which the designated device is attached to
the LAN is called the designated port.
• Alternate port—Offers an alternate path toward the root device to that provided by the current root port.
• Backup port—Acts as a backup for the path provided by a designated port toward the leaves of the
spanning tree. A backup port can exist only when two ports are connected in a loopback by a point-to-point
link or when a device has two or more connections to a shared LAN segment.
• Disabled port—Has no role within the operation of the spanning tree.
A port with the root or a designated port role is included in the active topology. A port with the alternate or
backup port role is excluded from the active topology.
In a stable topology with consistent port roles throughout the network, the RSTP ensures that every root port
and designated port immediately transitions to the forwarding state while all alternate and backup ports are
always in the discarding state (equivalent to blocking in IEEE 802.1D). The port state controls the operation
of the forwarding and learning processes.
Operational Status    STP Port State (IEEE 802.1D)    RSTP Port State    Is Port Included in the Active Topology?
To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of
discarding. Designated ports start in the listening state.
Rapid Convergence
The RSTP provides for rapid recovery of connectivity following the failure of a device, a device port, or a
LAN. It provides rapid convergence for edge ports, new root ports, and ports connected through point-to-point
links as follows:
• Edge ports—If you configure a port as an edge port on an RSTP device by using the spanning-tree
portfast interface configuration command, the edge port immediately transitions to the forwarding state.
An edge port is the same as a Port Fast-enabled port, and you should enable it only on ports that connect
to a single end station.
• Root ports—If the RSTP selects a new root port, it blocks the old root port and immediately transitions
the new root port to the forwarding state.
• Point-to-point links—If you connect a port to another port through a point-to-point link and the local
port becomes a designated port, it negotiates a rapid transition with the other port by using the
proposal-agreement handshake to ensure a loop-free topology.
Figure 8: Proposal and Agreement Handshaking for Rapid Convergence
Device A is connected to Device B through a point-to-point link, and all of the ports are in the blocking
state. Assume that the priority of Device A is a smaller numerical value than the priority of Device B.
Device A sends a proposal message (a configuration BPDU with the proposal flag set) to Device B,
proposing itself as the designated device.
After receiving the proposal message, Device B selects as its new root port the port from which the
proposal message was received, forces all nonedge ports to the blocking state, and sends an agreement
message (a BPDU with the agreement flag set) through its new root port.
After receiving Device B’s agreement message, Device A also immediately transitions its designated
port to the forwarding state. No loops in the network are formed because Device B blocked all of its
nonedge ports and because there is a point-to-point link between Devices A and B.
When Device C is connected to Device B, a similar set of handshaking messages is exchanged. Device
C selects the port connected to Device B as its root port, and both ends immediately transition to the
forwarding state. With each iteration of this handshaking process, one more device joins the active
topology. As the network converges, this proposal-agreement handshaking progresses from the root
toward the leaves of the spanning tree.
In a device stack, the cross-stack rapid transition (CSRT) feature ensures that a stack member receives
acknowledgments from all stack members during the proposal-agreement handshaking before moving
the port to the forwarding state. CSRT is automatically enabled when the device is in MST mode.
The device learns the link type from the port duplex mode: a full-duplex port is considered to have a
point-to-point connection; a half-duplex port is considered to have a shared connection. You can override
the default setting that is controlled by the duplex setting by using the spanning-tree link-type interface
configuration command.
Synchronization of Port Roles
If a designated port is in the forwarding state and is not configured as an edge port, it transitions to the blocking
state when the RSTP forces it to synchronize with new root information. In general, when the RSTP forces a
port to synchronize with root information and the port does not satisfy any of the above conditions, its port
state is set to blocking.
Figure 9: Sequence of Events During Rapid Convergence
After ensuring that all of the ports are synchronized, the device sends an agreement message to the designated
device corresponding to its root port. When the devices connected by a point-to-point link are in agreement
about their port roles, the RSTP immediately transitions the port states to forwarding.
The RSTP BPDU format is the same as the IEEE 802.1D BPDU format except that the protocol version is
set to 2. A new 1-byte Version 1 Length field is set to zero, which means that no version 1 protocol information
is present.
Bit Function
1 Proposal
4 Learning
5 Forwarding
6 Agreement
The sending device sets the proposal flag in the RSTP BPDU to propose itself as the designated device on
that LAN. The port role in the proposal message is always set to the designated port.
The sending device sets the agreement flag in the RSTP BPDU to accept the previous proposal. The port role
in the agreement message is always set to the root port.
The RSTP does not have a separate topology change notification (TCN) BPDU. It uses the topology change
(TC) flag to show the topology changes. However, for interoperability with IEEE 802.1D devices, the RSTP
device processes and generates TCN BPDUs.
The learning and forwarding flags are set according to the state of the sending port.
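A decoder for the RSTP BPDU described above that also checks a frame against the statements in this section, as an added example (not Cisco's code). The bit positions for TC (bit 0), port role (bits 2-3) and TCA (bit 7) come from IEEE 802.1D-2004, since the table here lists only bits 1, 4, 5 and 6; the sample frames, device IDs and function names are constructed.

```python
# Added example: decode an RSTP BPDU and check it against the rules in this
# section. Input bytes start at the Protocol Identifier field.
import struct

RST_FMT = ">HBBB8sI8sHHHHHB"   # 36-byte RST BPDU, network byte order
RST_LEN = struct.calcsize(RST_FMT)
ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}


def decode_device_id(raw):
    """8-byte ID: 4-bit priority, 12-bit extended system ID, 48-bit MAC."""
    head = struct.unpack(">H", raw[:2])[0]
    mac = ":".join(f"{b:02x}" for b in raw[2:8])
    return {"priority": head & 0xF000, "ext_sys_id": head & 0x0FFF, "mac": mac}


def parse_rst_bpdu(data):
    if len(data) < RST_LEN:
        raise ValueError(f"RST BPDU needs {RST_LEN} bytes, got {len(data)}")
    (proto, version, bpdu_type, flags, root, cost, sender, port_id,
     msg_age, max_age, hello, fwd_delay, v1_len) = struct.unpack(
        RST_FMT, data[:RST_LEN])
    return {
        "protocol_id": proto, "version": version, "type": bpdu_type,
        "tc": bool(flags & 0x01),            # bit 0, topology change
        "proposal": bool(flags & 0x02),      # bit 1
        "role": ROLES[(flags >> 2) & 0x03],  # bits 2-3, port role
        "learning": bool(flags & 0x10),      # bit 4
        "forwarding": bool(flags & 0x20),    # bit 5
        "agreement": bool(flags & 0x40),     # bit 6
        "tca": bool(flags & 0x80),           # bit 7
        "root": decode_device_id(root), "root_path_cost": cost,
        "sender": decode_device_id(sender), "port_id": port_id,
        # Timers are carried in units of 1/256 second.
        "message_age": msg_age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd_delay / 256,
        "version1_length": v1_len,
    }


def check_rst_bpdu(b):
    """Return the statements from this section that the BPDU violates."""
    findings = []
    if b["protocol_id"] != 0 or b["version"] != 2 or b["type"] != 0x02:
        findings.append("not an RSTP BPDU (protocol version 2, type 0x02)")
    if b["version1_length"] != 0:
        findings.append("Version 1 Length is not zero")
    if b["proposal"] and b["role"] != "designated":
        findings.append("proposal flag without designated port role")
    if b["agreement"] and b["role"] != "root":
        findings.append("agreement flag without root port role")
    if b["tca"]:
        findings.append("TCA bit set in an RSTP BPDU")
    return findings


def build_rst_bpdu(flags, root, sender, cost=0, version=2, bpdu_type=0x02):
    """Build a constructed sample frame; timers use this guide's defaults."""
    def dev(priority, mac):
        return struct.pack(">H", priority) + bytes.fromhex(mac.replace(":", ""))
    return struct.pack(RST_FMT, 0, version, bpdu_type, flags, dev(*root), cost,
                       dev(*sender), 0x8001, 0, 20 * 256, 3 * 256, 20 * 256, 0)


# Constructed devices: A is the root, B is its neighbor on a 1 Gb/s link.
A = (24576, "00:1a:2b:00:00:01")
B = (32768, "00:1a:2b:00:00:02")
PROPOSAL = build_rst_bpdu(0x02 | 0x0C, root=A, sender=A)
AGREEMENT = build_rst_bpdu(0x40 | 0x08 | 0x10 | 0x20, root=A, sender=B,
                           cost=20000)
INCONSISTENT = build_rst_bpdu(0x40 | 0x0C | 0x80, root=A, sender=B)

if __name__ == "__main__":
    for name, frame in [("proposal", PROPOSAL), ("agreement", AGREEMENT),
                        ("inconsistent", INCONSISTENT)]:
        parsed = parse_rst_bpdu(frame)
        print(name, parsed["role"], check_rst_bpdu(parsed) or "ok")
```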
Topology Changes
This section describes the differences between the RSTP and the IEEE 802.1D in handling spanning-tree
topology changes.
• Detection—Unlike IEEE 802.1D in which any transition between the blocking and the forwarding state
causes a topology change, only transitions from the blocking to the forwarding state cause a topology
change with RSTP (only an increase in connectivity is considered a topology change). State changes on
an edge port do not cause a topology change. When an RSTP device detects a topology change, it deletes
the learned information on all of its nonedge ports except on those from which it received the TC
notification.
• Notification—Unlike IEEE 802.1D, which uses TCN BPDUs, the RSTP does not use them. However,
for IEEE 802.1D interoperability, an RSTP device processes and generates TCN BPDUs.
• Acknowledgement—When an RSTP device receives a TCN message on a designated port from an IEEE
802.1D device, it replies with an IEEE 802.1D configuration BPDU with the TCA bit set. However, if
the TC-while timer (the same as the topology-change timer in IEEE 802.1D) is active on a root port
connected to an IEEE 802.1D device and a configuration BPDU with the TCA bit set is received, the
TC-while timer is reset.
This behavior is only required to support IEEE 802.1D devices. The RSTP BPDUs never have the TCA
bit set.
• Propagation—When an RSTP device receives a TC message from another device through a designated
or root port, it propagates the change to all of its nonedge, designated ports and to the root port (excluding
the port on which it is received). The device starts the TC-while timer for all such ports and flushes the
information learned on them.
• Protocol migration—For backward compatibility with IEEE 802.1D devices, RSTP selectively sends
IEEE 802.1D configuration BPDUs and TCN BPDUs on a per-port basis.
When a port is initialized, the migrate-delay timer is started (specifies the minimum time during which
RSTP BPDUs are sent), and RSTP BPDUs are sent. While this timer is active, the device processes all
BPDUs received on that port and ignores the protocol type.
If the device receives an IEEE 802.1D BPDU after the port migration-delay timer has expired, it assumes
that it is connected to an IEEE 802.1D device and starts using only IEEE 802.1D BPDUs. However, if
the RSTP device is using IEEE 802.1D BPDUs on a port and receives an RSTP BPDU after the timer
has expired, it restarts the timer and starts using RSTP BPDUs on that port.
Default MSTP Configuration
Spanning-tree mode
Hello time
Forward-delay time
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree mst configuration
4. instance instance-id vlan vlan-range
5. name name
6. revision version
7. show pending
8. exit
9. spanning-tree mode mst
10. end
Specifying the MST Region Configuration and Enabling MSTP
DETAILED STEPS
Device> enable
Step 5 name name
Specifies the configuration name. The name string has a maximum length of 32 characters and is case sensitive.
Example:
Step 6 revision version
Specifies the configuration revision number. The range is 0 to 65535.
Example:
Device(config-mst)# revision 1
Device(config-mst)# exit
Device(config)# end
Configuring the Root Device
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree mst instance-id root primary
4. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree mst instance-id root primary
Configures a device as the root device.
• For instance-id, you can specify a single instance, a range of instances separated by a hyphen, or a series
of instances separated by a comma. The range is 0 to 4094.
Example:
Device(config)# spanning-tree mst 0 root primary
Device(config)# end
Configuring a Secondary Root Device
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree mst instance-id root secondary
4. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree mst instance-id root secondary
Configures a device as the secondary root device.
• For instance-id, you can specify a single instance, a range of instances separated by a hyphen, or a series
of instances separated by a comma. The range is 0 to 4094.
Example:
Device(config)# spanning-tree mst 0 root secondary
Device(config)# end
Configuring Port Priority
Note: If the device is a member of a device stack, you must use the spanning-tree mst [instance-id] cost cost
interface configuration command instead of the spanning-tree mst [instance-id] port-priority priority
interface configuration command to select a port to put in the forwarding state. Assign lower cost values to
ports that you want selected first and higher cost values to ports that you want selected last. For more
information, see the path costs topic listed under Related Topics.
You must also know the specified MST instance ID and the interface used. This example uses 0 as the instance
ID and GigabitEthernet0/1 as the interface because that was the instance ID and interface set up by the
instructions listed under Related Topics.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. spanning-tree mst instance-id port-priority priority
5. end
DETAILED STEPS
Device> enable
Device(config-if)# end
The show spanning-tree mst interface interface-id privileged EXEC command displays information only
if the port is in a link-up operative state. Otherwise, you can use the show running-config interface privileged
EXEC command to confirm the configuration.
Configuring Path Cost
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. spanning-tree mst instance-id cost cost
5. end
DETAILED STEPS
Device> enable
Device(config-if)# end
The show spanning-tree mst interface interface-id privileged EXEC command displays information only
for ports that are in a link-up operative state. Otherwise, you can use the show running-config privileged
EXEC command to confirm the configuration.
Configuring the Device Priority
Note: Exercise care when using this command. For normal network configurations, we recommend that you use the
spanning-tree mst instance-id root primary and the spanning-tree mst instance-id root secondary global
configuration commands to specify a device as the root or secondary root device. You should modify the
device priority only in circumstances where these commands do not work.
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree mst instance-id priority priority
4. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree mst instance-id priority priority
Configures the device priority.
• For instance-id, you can specify a single instance, a range of instances separated by a hyphen, or a series
of instances separated by a comma. The range is 0 to 4094.
• For priority, the range is 0 to 61440 in increments of 4096; the default is 32768. The lower the number, the
more likely the device will be chosen as the root device.
Priority values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152,
53248, 57344, and 61440. These are the only acceptable values.
Example:
Device(config)# spanning-tree mst 0 priority 40960
Device(config-if)# end
Configuring the Hello Time
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree mst hello-time seconds
4. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree mst hello-time seconds
Configures the hello time for all MST instances. The hello time is the time interval between configuration messages
generated and sent by the root device. These messages indicate that the device is alive.
For seconds, the range is 1 to 10; the default is 3.
Example:
Device(config)# spanning-tree mst hello-time 4
Device(config)# end
Configuring the Forwarding-Delay Time
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree mst forward-time seconds
4. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree mst forward-time seconds
Configures the forward time for all MST instances. The forwarding delay is the number of seconds a port waits
before changing from its spanning-tree learning and listening states to the forwarding state.
For seconds, the range is 4 to 30; the default is 20.
Example:
Device(config)# spanning-tree mst forward-time 25
Device(config)# end
Configuring the Maximum-Aging Time
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree mst max-age seconds
4. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree mst max-age seconds
Configures the maximum-aging time for all MST instances. The maximum-aging time is the number of seconds a device
waits without receiving spanning-tree configuration messages before attempting a reconfiguration.
For seconds, the range is 6 to 40; the default is 20.
Example:
Device(config)# spanning-tree mst max-age 40
Device(config)# end
Configuring the Maximum-Hop Count
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree mst max-hops hop-count
4. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree mst max-hops hop-count
Specifies the number of hops in a region before the BPDU is discarded, and the information held for a port is aged.
For hop-count, the range is 1 to 255; the default is 20.
Example:
Device(config)# spanning-tree mst max-hops 25
Device(config)# end
Specifying the Link Type to Ensure Rapid Transitions
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. spanning-tree link-type point-to-point
5. end
DETAILED STEPS
Device> enable
Step 4 spanning-tree link-type point-to-point
Specifies that the link type of a port is point-to-point.
Example:
Device(config-if)# end
Designating the Neighbor Type
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. spanning-tree mst pre-standard
5. end
DETAILED STEPS
Device> enable
Step 4 spanning-tree mst pre-standard
Specifies that the port can send only prestandard BPDUs.
Example:
Device(config-if)# end
Restarting the Protocol Migration Process
If you want to use the interface version of the command, you must also know the MST interface used. This
example uses GigabitEthernet1/0/1 as the interface because that was the interface set up by the instructions
listed under Related Topics.
SUMMARY STEPS
1. enable
2. Enter one of the following commands:
• clear spanning-tree detected-protocols
• clear spanning-tree detected-protocols interface interface-id
DETAILED STEPS
Device> enable
Step 2 Enter one of the following commands:
• clear spanning-tree detected-protocols
• clear spanning-tree detected-protocols interface interface-id
The device reverts to the MSTP mode, and the protocol migration process restarts.
Example:
Device# clear spanning-tree detected-protocols
or
Device# clear spanning-tree detected-protocols interface gigabitethernet 1/0/1
What to do next
This procedure may need to be repeated if the device receives more legacy IEEE 802.1D configuration BPDUs
(BPDUs with the protocol version set to 0).
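The per-port protocol migration described under Topology Changes, and the effect of the restart procedure above, as an added example (not Cisco's code). The 3-second timer value and the timer restart when the port falls back to IEEE 802.1D BPDUs are assumptions taken from IEEE 802.1D-2004; the class, function names and event list are constructed.

```python
# Added example: per-port protocol migration as described in this chapter.
MIGRATE_DELAY = 3.0  # seconds; assumed value, this guide does not state it


class PortMigration:
    """Tracks whether a port sends RSTP or IEEE 802.1D BPDUs."""

    def __init__(self, now=0.0):
        self.sending = "rstp"
        self.timer_end = now + MIGRATE_DELAY   # port initialized: timer starts
        self.history = [(now, "rstp", "port initialized")]

    def _switch(self, now, mode, reason):
        self.sending = mode
        self.timer_end = now + MIGRATE_DELAY   # every switch restarts the timer
        self.history.append((now, mode, reason))

    def receive(self, now, version):
        """version 0 is an IEEE 802.1D BPDU; 2 or higher is RSTP or MSTP."""
        if now < self.timer_end:
            return self.sending        # timer active: protocol type is ignored
        if version == 0 and self.sending == "rstp":
            self._switch(now, "802.1d", "legacy BPDU after timer expiry")
        elif version >= 2 and self.sending == "802.1d":
            self._switch(now, "rstp", "RSTP BPDU after timer expiry")
        return self.sending

    def clear_detected_protocols(self, now):
        """Models 'clear spanning-tree detected-protocols' for this port."""
        self._switch(now, "rstp", "migration restarted by operator")


def replay(events):
    """events: (time, port, action); action is a BPDU version or 'clear'."""
    ports = {}
    for now, port, action in sorted(events, key=lambda e: e[0]):
        state = ports.setdefault(port, PortMigration())
        if action == "clear":
            state.clear_detected_protocols(now)
        else:
            state.receive(now, action)
    return ports


def ports_in_legacy_mode(events):
    """Ports that ended up sending only IEEE 802.1D BPDUs."""
    return sorted(p for p, s in replay(events).items() if s.sending == "802.1d")


# Constructed observations: (seconds since port init, port, BPDU version).
SAMPLE_EVENTS = [
    (1.0, "Gi1/0/1", 0),   # timer still active: no change
    (5.0, "Gi1/0/1", 0),   # falls back to 802.1D
    (6.0, "Gi1/0/1", 2),   # timer restarted at 5.0, still active: no change
    (9.0, "Gi1/0/1", 2),   # returns to RSTP
    (5.0, "Gi1/0/2", 0),   # falls back and never hears RSTP again
    (20.0, "Gi1/0/3", 2),  # RSTP neighbor: stays in RSTP
]

if __name__ == "__main__":
    print("legacy-mode ports:", ports_in_legacy_mode(SAMPLE_EVENTS))
    for entry in replay(SAMPLE_EVENTS)["Gi1/0/1"].history:
        print(entry)
```

A port that stays in the returned list has lost rapid convergence on that link until an RSTP BPDU arrives or the migration process is restarted.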
Additional References for MSTP
Standard/RFC Title
None —
MIBs
Technical Assistance
Description: The Cisco Support website provides extensive online resources, including
documentation and tools for troubleshooting and resolving technical issues
with Cisco products and technologies.
To receive security and technical information about your products, you can
subscribe to various services, such as the Product Alert Tool (accessed from
Field Notices), the Cisco Technical Services Newsletter, and Really Simple
Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user
ID and password.
Link: http://www.cisco.com/support
CHAPTER 3
Configuring Optional Spanning-Tree Features
• Information About Optional Spanning-Tree Features
• How to Configure Optional Spanning-Tree Features
• Monitoring the Spanning-Tree Status
• Additional References for Optional Spanning Tree Features
• Feature Information for Optional Spanning-Tree Features
You can use PortFast on interfaces connected to a single workstation or server to allow those devices to
immediately connect to the network, rather than waiting for the spanning tree to
converge.
Interfaces connected to a single workstation or server should not receive bridge protocol data units (BPDUs).
An interface with PortFast enabled goes through the normal cycle of spanning-tree status changes when the
switch is restarted.
You can enable this feature by enabling it on either the interface or on all nontrunking ports.
BPDU Guard
The Bridge Protocol Data Unit (BPDU) guard feature can be globally enabled on the switch or can be enabled
per port, but the feature operates with some differences.
When you enable BPDU guard at the global level on PortFast edge-enabled ports, spanning tree shuts down
ports that are in a PortFast edge-operational state if any BPDU is received on them. In a valid configuration,
PortFast edge-enabled ports do not receive BPDUs. Receiving a BPDU on a PortFast edge-enabled port
means an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature
puts the port in the error-disabled state. When this happens, the switch shuts down the entire port on which
the violation occurred.
When you enable BPDU guard at the interface level on any port without also enabling the PortFast edge
feature, and the port receives a BPDU, it is put in the error-disabled state.
The BPDU guard feature provides a secure response to invalid configurations because you must manually
put the interface back in service. Use the BPDU guard feature in a service-provider network to prevent an
access port from participating in the spanning tree.
BPDU Filtering
The BPDU filtering feature can be globally enabled on the switch or can be enabled per interface, but the
feature operates with some differences.
Enabling BPDU filtering on PortFast edge-enabled interfaces at the global level keeps those interfaces that
are in a PortFast edge-operational state from sending or receiving BPDUs. The interfaces still send a few
BPDUs at link-up before the switch begins to filter outbound BPDUs. You should globally enable BPDU
filtering on a switch so that hosts connected to these interfaces do not receive BPDUs. If a BPDU is received
on a PortFast edge-enabled interface, the interface loses its PortFast edge-operational status, and BPDU
filtering is disabled.
Enabling BPDU filtering on an interface without also enabling the PortFast edge feature keeps the interface
from sending or receiving BPDUs.
Caution: Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in
spanning-tree loops.
You can enable the BPDU filtering feature for the entire switch or for an interface.
UplinkFast
Figure 11: Switches in a Hierarchical Network
Switches in hierarchical networks can be grouped into backbone switches, distribution switches, and access
switches. This complex network has distribution switches and access switches that each have at least one
loops.
If a switch loses connectivity, it begins using the alternate paths as soon as the spanning tree selects a new
root port. You can accelerate the choice of a new root port when a link or switch fails or when the spanning
tree reconfigures itself by enabling UplinkFast. The root port transitions to the forwarding state immediately
without going through the listening and learning states, as it would with the normal spanning-tree procedures.
When the spanning tree reconfigures the new root port, other interfaces flood the network with multicast
packets, one for each address that was learned on the interface. You can limit these bursts of multicast traffic
by reducing the max-update-rate parameter (the default for this parameter is 150 packets per second). However,
if you enter zero, station-learning frames are not generated, so the spanning-tree topology converges more
slowly after a loss of connectivity.
Note: UplinkFast is most useful in wiring-closet switches at the access or edge of the network. It is not appropriate
for backbone devices. This feature might not be useful for other types of applications.
UplinkFast provides fast convergence after a direct link failure and achieves load-balancing between redundant
Layer 2 links using uplink groups. An uplink group is a set of Layer 2 interfaces (per VLAN), only one of
which is forwarding at any given time. Specifically, an uplink group consists of the root port (which is
forwarding) and a set of blocked ports, except for self-looping ports. The uplink group provides an alternate
path in case the currently forwarding link fails.
This topology has no link failures. Switch A, the root switch, is connected directly to Switch B over link L1
and to Switch C over link L2. The Layer 2 interface on Switch C that is connected directly to Switch B is in
a blocking state.
Figure 13: UplinkFast Example After Direct Link Failure
If Switch C detects a link failure on the currently active link L2 on the root port (a direct link failure), UplinkFast
unblocks the blocked interface on Switch C and transitions it to the forwarding state without going through
the listening and learning states. This change takes approximately 1 to
5 seconds.
Cross-Stack UplinkFast
Cross-Stack UplinkFast (CSUF) provides a fast spanning-tree transition (fast convergence in less than 1 second
under normal network conditions) across a switch stack. During the fast transition, an alternate redundant link
on the switch stack is placed in the forwarding state without causing temporary spanning-tree loops or loss
of connectivity to the backbone. With this feature, you can have a redundant and resilient network in some
configurations. CSUF is automatically enabled when you enable the UplinkFast feature.
CSUF might not provide a fast transition all the time; in these cases, the normal spanning-tree transition
occurs, completing in 30 to 40 seconds. For more information, see Related Topics.
How Cross-Stack UplinkFast Works
The stack-root port on Switch 1 provides the path to the root of the spanning tree. The alternate stack-root
ports on Switches 2 and 3 can provide an alternate path to the spanning-tree root if the current stack-root
switch fails or if its link to the spanning-tree root fails.
Link 1, the root link, is in the spanning-tree forwarding state. Links 2 and 3 are alternate redundant links that
are in the spanning-tree blocking state. If Switch 1 fails, if its stack-root port fails, or if Link 1 fails, CSUF
selects either the alternate stack-root port on Switch 2 or Switch 3 and puts it into the forwarding state in less
than 1 second.
When certain link loss or spanning-tree events occur (described in the following topic), the Fast Uplink
Transition Protocol uses the neighbor list to send fast-transition requests to stack members.
The switch sending the fast-transition request needs to do a fast transition to the forwarding state of a port
that it has chosen as the root port, and it must obtain an acknowledgment from each stack switch before
performing the fast transition.
Each switch in the stack decides if the sending switch is a better choice than itself to be the stack root of this
spanning-tree instance by comparing the root, cost, and bridge ID. If the sending switch is the best choice as
the stack root, each switch in the stack returns an acknowledgment; otherwise, it sends a fast-transition request.
The sending switch then has not received acknowledgments from all stack switches.
When acknowledgments are received from all stack switches, the Fast Uplink Transition Protocol on the
sending switch immediately transitions its alternate stack-root port to the forwarding state. If acknowledgments
from all stack switches are not obtained by the sending switch, the normal spanning-tree transitions (blocking,
listening, learning, and forwarding) take place, and the spanning-tree topology converges at its normal rate
(2 * forward-delay time + max-age time).
The Fast Uplink Transition Protocol is implemented on a per-VLAN basis and affects only one spanning-tree
instance at a time.
Events That Cause Fast Convergence
Note: The fast transition might not occur if multiple events occur simultaneously. For
example, if a stack member is powered off, and at the same time, the link
connecting the stack root to the spanning-tree root comes back up, the normal
spanning-tree convergence occurs.
BackboneFast
BackboneFast detects indirect failures in the core of the backbone. BackboneFast is a complementary technology
to the UplinkFast feature, which responds to failures on links directly connected to access switches.
BackboneFast optimizes the maximum-age timer, which controls the amount of time the switch stores protocol
information received on an interface. When a switch receives an inferior BPDU from the designated port of
another switch, the BPDU is a signal that the other switch might have lost its path to the root, and BackboneFast
tries to find an alternate path to the root.
BackboneFast starts when a root port or blocked interface on a switch receives inferior BPDUs from its
designated switch. An inferior BPDU identifies a switch that declares itself as both the root bridge and the
designated switch. When a switch receives an inferior BPDU, it means that a link to which the switch is not
directly connected (an indirect link) has failed (that is, the designated switch has lost its connection to the root
switch). Under spanning-tree rules, the switch ignores inferior BPDUs for the maximum aging time (default
is 20 seconds).
The switch tries to find if it has an alternate path to the root switch. If the inferior BPDU arrives on a blocked
interface, the root port and other blocked interfaces on the switch become alternate paths to the root switch.
(Self-looped ports are not considered alternate paths to the root switch.) If the inferior BPDU arrives on the
root port, all blocked interfaces become alternate paths to the root switch. If the inferior BPDU arrives on the
root port and there are no blocked interfaces, the switch assumes that it has lost connectivity to the root switch,
causes the maximum aging time on the root port to expire, and becomes the root switch according to normal
spanning-tree rules.
If the switch has alternate paths to the root switch, it uses these alternate paths to send a root link query (RLQ)
request. The switch sends the RLQ request on all alternate paths to learn if any stack member has an alternate
root to the root switch and waits for an RLQ reply from other switches in the network and in the stack.
When a stack member receives an RLQ reply from a nonstack member on a blocked interface and the reply
is destined for another nonstacked switch, it forwards the reply packet, regardless of the spanning-tree interface
state.
When a stack member receives an RLQ reply from a nonstack member and the response is destined for the
stack, the stack member forwards the reply so that all the other stack members receive it.
If the switch discovers that it still has an alternate path to the root, it expires the maximum aging time on the
interface that received the inferior BPDU. If all the alternate paths to the root switch indicate that the switch
has lost connectivity to the root switch, the switch expires the maximum aging time on the interface that
received the RLQ reply. If one or more alternate paths can still connect to the root switch, the switch makes
all interfaces on which it received an inferior BPDU its designated ports and moves them from the blocking
state (if they were in the blocking state), through the listening and learning states, and into the forwarding
state.
Figure 15: BackboneFast Example Before Indirect Link Failure
This is an example topology with no link failures. Switch A, the root switch, connects directly to Switch B
over link L1 and to Switch C over link L2. The Layer 2 interface on Switch C that connects directly to Switch
If link L1 fails, Switch C cannot detect this failure because it is not connected directly to link L1. However,
because Switch B is directly connected to the root switch over L1, it detects the failure, elects itself the root,
and begins sending BPDUs to Switch C, identifying itself as the root. When Switch C receives the inferior
BPDUs from Switch B, Switch C assumes that an indirect failure has occurred. At that point, BackboneFast
allows the blocked interface on Switch C to move immediately to the listening state without waiting for the
maximum aging time for the interface to expire. BackboneFast then transitions the Layer 2 interface on
Switch C to the forwarding state, providing a path from Switch B to Switch A. The root-switch election takes
approximately 30 seconds, twice the Forward Delay time if the default Forward Delay time of 15 seconds is
set. BackboneFast reconfigures the topology to account for the failure of link
L1.
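An added example, not part of the Cisco guide: a Python model of the BackboneFast decision described above, run on Switch C from the example topology after link L1 fails. The port names and the RLQ reply input are constructed; the timer values are the defaults stated on this page.

```python
from dataclasses import dataclass
from typing import Dict, List

FORWARD_DELAY = 15   # seconds, default Forward Delay stated on the page
MAX_AGE = 20         # seconds, default maximum aging time stated on the page


@dataclass
class Port:
    name: str
    role: str                 # "root", "blocked" or "designated"
    self_looped: bool = False


def alternate_paths(ports: List[Port], arrival: Port) -> List[Port]:
    """Ports that may still lead to the root after an inferior BPDU arrives on `arrival`."""
    if arrival.role == "blocked":
        roles = ("root", "blocked")       # the root port plus the other blocked ports
    elif arrival.role == "root":
        roles = ("blocked",)              # only the blocked ports
    else:
        return []
    # Self-looped ports are never considered alternate paths.
    return [p for p in ports
            if p is not arrival and p.role in roles and not p.self_looped]


def backbonefast(ports: List[Port], arrival: Port, rlq_reply: Dict[str, bool]) -> dict:
    """Decide the reaction to an inferior BPDU received on `arrival`.

    rlq_reply maps a port name to True when the RLQ reply received on that
    port reports that the root switch is still reachable.
    """
    if arrival.role not in ("root", "blocked"):
        return {"action": "not-triggered"}   # BackboneFast starts only on these ports
    paths = alternate_paths(ports, arrival)
    if arrival.role == "root" and not paths:
        # No blocked interface left: connectivity to the root is assumed lost.
        return {"action": "become-root", "expire_max_age_on": [arrival.name],
                "rlq_sent_on": []}
    sent = [p.name for p in paths]
    if any(rlq_reply.get(name, False) for name in sent):
        # Root still reachable: age out the stale information on the arrival port now.
        return {"action": "make-designated", "expire_max_age_on": [arrival.name],
                "rlq_sent_on": sent,
                "transitions": ["listening", "learning", "forwarding"],
                "seconds_to_forwarding": 2 * FORWARD_DELAY}
    # Every alternate path reports that the root is unreachable.
    return {"action": "reconverge", "expire_max_age_on": sent, "rlq_sent_on": sent}


def switch_c_after_l1_failure() -> dict:
    """Switch C in the page's example: root port on L2, blocked port facing Switch B."""
    to_a = Port("L2-to-Switch-A", "root")
    to_b = Port("link-to-Switch-B", "blocked")
    result = backbonefast([to_a, to_b], arrival=to_b,
                          rlq_reply={"L2-to-Switch-A": True})
    # Normal rate from the page: 2 * forward-delay time + max-age time.
    result["seconds_without_backbonefast"] = MAX_AGE + 2 * FORWARD_DELAY
    return result


if __name__ == "__main__":
    print(switch_c_after_l1_failure())
```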
Figure 17: Adding a Switch in a Shared-Medium Topology
If a new switch is introduced into a shared-medium topology, BackboneFast is not activated because the
inferior BPDUs did not come from the recognized designated switch (Switch B). The new switch begins
sending inferior BPDUs that indicate it is the root switch. However, the other switches ignore these inferior
BPDUs, and the new switch learns that Switch B is the designated switch to Switch A, the root
switch.
EtherChannel Guard
You can use EtherChannel guard to detect an EtherChannel misconfiguration between the switch and a
connected device. A misconfiguration can occur if the switch interfaces are configured in an EtherChannel,
but the interfaces on the other device are not. A misconfiguration can also occur if the channel parameters are
not the same at both ends of the EtherChannel.
If the switch detects a misconfiguration on the other device, EtherChannel guard places the switch interfaces
in the error-disabled state, and displays an error message.
Root Guard
Figure 18: Root Guard in a Service-Provider Network
The Layer 2 network of a service provider (SP) can include many connections to switches that are not owned
by the SP. In such a topology, the spanning tree can reconfigure itself and select a customer switch as the root
switch. You can avoid this situation by enabling root guard on SP switch interfaces that connect to switches
in your customer’s network. If spanning-tree calculations cause an interface in the customer network to be
selected as the root port, root guard then places the interface in the root-inconsistent (blocked) state to prevent
the customer’s switch from becoming the root switch or being in the path to the root.
If a switch outside the SP network becomes the root switch, the interface is blocked (root-inconsistent state),
and spanning tree selects a new root switch. The customer’s switch does not become the root switch and is
not in the path to the root.
If the switch is operating in multiple spanning-tree (MST) mode, root guard forces the interface to be a
designated port. If a boundary port is blocked in an internal spanning-tree (IST) instance because of root
guard, the interface also is blocked in all MST instances. A boundary port is an interface that connects to a
LAN, the designated switch of which is either an IEEE 802.1D switch or a switch with a different MST region
configuration.
Root guard enabled on an interface applies to all the VLANs to which the interface belongs. VLANs can be
grouped and mapped to an MST instance.
Caution: Misuse of the root guard feature can cause a loss of connectivity.
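An added example, not part of the Cisco guide: a small Python model of how BPDU guard, BPDU filtering, and root guard, as described in the sections above, each react to the same unexpected BPDU. Port names, bridge IDs and costs are constructed, and checking interface-level filtering before BPDU guard is an assumption.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# A bridge ID is (priority, MAC address); the numerically lower ID wins the root election.
BridgeId = Tuple[int, str]


@dataclass
class Port:
    name: str
    portfast_edge: bool = False          # port is in the PortFast edge-operational state
    bpdu_guard: Optional[str] = None     # None, "global" or "interface"
    bpdu_filter: Optional[str] = None    # None, "global" or "interface"
    root_guard: bool = False
    state: str = "forwarding"


@dataclass
class Switch:
    root_id: BridgeId                    # root bridge this switch currently accepts
    root_cost: int                       # its path cost to that root
    root_port: Optional[str] = None


def receive_bpdu(sw: Switch, port: Port, adv_root: BridgeId, cost_via_port: int) -> str:
    """Apply the guard features to one received BPDU and return the outcome."""
    if port.state == "err-disabled":
        return "dropped"                 # port stays down until put back in service manually
    # Interface-level filtering: the port neither sends nor receives BPDUs.
    # Assumption: this is checked before BPDU guard when both are set on one interface.
    if port.bpdu_filter == "interface":
        return "filtered"
    # BPDU guard: on any port when set per interface, on PortFast edge ports when global.
    if port.bpdu_guard == "interface" or (port.bpdu_guard == "global" and port.portfast_edge):
        port.state = "err-disabled"
        return "err-disabled"
    # Global filtering: a received BPDU ends PortFast edge status and the filtering.
    if port.bpdu_filter == "global" and port.portfast_edge:
        port.portfast_edge = False
        port.bpdu_filter = None
    superior = (adv_root, cost_via_port) < (sw.root_id, sw.root_cost)
    if superior and port.root_guard:
        port.state = "root-inconsistent"  # blocked; the sender cannot become root
        return "root-inconsistent"
    if superior:
        sw.root_id, sw.root_cost, sw.root_port = adv_root, cost_via_port, port.name
        return "new-root"
    return "no-change"


def run_scenarios() -> dict:
    """Feed the same unexpected BPDU to differently protected ports (constructed values)."""
    sp_root: BridgeId = (4096, "00:00:5e:00:53:01")   # provider's intended root
    unexpected: BridgeId = (0, "00:00:5e:00:53:99")   # device advertising a better bridge ID
    ports = {
        "unprotected": Port("Gi1/0/1"),
        "bpduguard-global": Port("Gi1/0/2", portfast_edge=True, bpdu_guard="global"),
        "bpduguard-interface": Port("Gi1/0/3", bpdu_guard="interface"),
        "bpdufilter-global": Port("Gi1/0/4", portfast_edge=True, bpdu_filter="global"),
        "bpdufilter-interface": Port("Gi1/0/5", bpdu_filter="interface"),
        "rootguard": Port("Gi1/0/6", root_guard=True),
    }
    results = {}
    for label, port in ports.items():
        sw = Switch(root_id=sp_root, root_cost=4, root_port="Te1/1/1")
        outcome = receive_bpdu(sw, port, unexpected, cost_via_port=19)
        # (outcome, resulting port state, did the intended root survive?)
        results[label] = (outcome, port.state, sw.root_id == sp_root)
    return results


if __name__ == "__main__":
    for label, result in run_scenarios().items():
        print(f"{label:22} {result}")
```

In this model, only BPDU guard and root guard both keep the intended root and leave a port state an operator can see; interface-level filtering hides the BPDU from spanning tree altogether.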
Loop Guard
You can use loop guard to prevent alternate or root ports from becoming designated ports because of a failure
that leads to a unidirectional link. This feature is most effective when it is enabled on the entire switched
network. Loop guard prevents alternate and root ports from becoming designated ports, and spanning tree
does not send BPDUs on root or alternate ports.
When the switch is operating in PVST+ or rapid-PVST+ mode, loop guard prevents alternate and root ports
from becoming designated ports, and spanning tree does not send BPDUs on root or alternate ports.
When the switch is operating in MST mode, BPDUs are not sent on nonboundary ports only if the interface
is blocked by loop guard in all MST instances. On a boundary port, loop guard blocks the interface in all MST
instances.
How to Configure Optional Spanning-Tree Features
Caution: Use PortFast only when connecting a single end station to an access or trunk port. Enabling this feature on
an interface connected to a switch or hub could prevent spanning tree from detecting and disabling loops in
your network, which could cause broadcast storms and address-learning problems.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. spanning-tree portfast [trunk]
5. end
DETAILED STEPS
Device> enable
Step 4 spanning-tree portfast [trunk]
Enables PortFast on an access port connected to a single workstation or server.
By specifying the trunk keyword, you can enable PortFast on a trunk port.
Example:
Device(config-if)# spanning-tree portfast trunk
Note: To enable PortFast on trunk ports, you must use the spanning-tree portfast trunk interface
configuration command. The spanning-tree portfast command will not work on trunk ports.
Make sure that there are no loops in the network between the trunk port and the workstation or
server before you enable PortFast on a trunk port.
Device(config-if)# end
What to do next
You can use the spanning-tree portfast default global configuration command to globally enable the PortFast
feature on all nontrunking ports.
Enabling BPDU Guard
Caution: Configure PortFast edge only on ports that connect to end stations; otherwise, an accidental topology loop
could cause a data packet loop and disrupt switch and network operation.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. spanning-tree portfast edge
5. end
DETAILED STEPS
Device> enable
Step 3 interface interface-id
Specifies the interface connected to an end station, and enters interface configuration mode.
Example:
Device(config-if)# end
What to do next
To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown vlan
global configuration command to shut down just the offending VLAN on the port where the violation occurred.
You also can use the spanning-tree bpduguard enable interface configuration command to enable BPDU
guard on any port without also enabling the PortFast edge feature. When the port receives a BPDU, it is put
in the error-disabled state.
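An added example, not part of the Cisco guide: a Python audit of a running-config for the edge-port protections described above, flagging PortFast ports that lack BPDU guard, interface-level BPDU filtering, and PortFast on trunks. The sample configuration is constructed; `spanning-tree bpdufilter enable`, `spanning-tree bpduguard disable`, `spanning-tree portfast disable` and the global `spanning-tree portfast edge bpduguard default` are IOS XE commands that this page does not show.

```python
import re

# Constructed sample running-config for illustration; not taken from a real device.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree portfast default
!
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast edge
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/3
 switchport mode access
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/4
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/5
 switchport mode access
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
 spanning-tree guard root
!
"""

# Matches "spanning-tree portfast", optionally followed by "edge" and/or "trunk".
PORTFAST_RE = re.compile(r"^spanning-tree portfast( edge)?( trunk)?$")
GLOBAL_PORTFAST = {"spanning-tree portfast default", "spanning-tree portfast edge default"}
GLOBAL_BPDUGUARD = {"spanning-tree portfast bpduguard default",
                    "spanning-tree portfast edge bpduguard default"}


def parse_config(text):
    """Split a running-config into global lines and per-interface sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None                      # "!" closes the interface block
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line[0].isspace() and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit(text):
    """Return a sorted list of (interface, finding) tuples."""
    global_lines, interfaces = parse_config(text)
    global_portfast = bool(GLOBAL_PORTFAST & set(global_lines))
    global_guard = bool(GLOBAL_BPDUGUARD & set(global_lines))
    findings = []
    for name, cmds in interfaces.items():
        is_trunk = "switchport mode trunk" in cmds
        matches = [m for m in map(PORTFAST_RE.match, cmds) if m]
        trunk_portfast = any(m.group(2) for m in matches)
        # Plain "portfast" does not work on trunks; the global default covers nontrunking ports.
        edge_portfast = (not is_trunk
                         and "spanning-tree portfast disable" not in cmds
                         and (global_portfast or any(not m.group(2) for m in matches)))
        if "spanning-tree bpduguard disable" in cmds:
            guarded = False
        else:
            guarded = global_guard or "spanning-tree bpduguard enable" in cmds
        if (edge_portfast or trunk_portfast) and not guarded:
            findings.append((name, "portfast-without-bpduguard"))
        if "spanning-tree bpdufilter enable" in cmds:
            findings.append((name, "bpdufilter-on-interface"))   # same as disabling STP
        if trunk_portfast:
            findings.append((name, "portfast-on-trunk"))          # confirm no loop behind it
    return sorted(findings)


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```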
Enabling BPDU Filtering
Caution: Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in
spanning-tree loops.
You can enable the BPDU filtering feature if your switch is running PVST+, Rapid PVST+, or MSTP.
Caution: Configure PortFast edge only on interfaces that connect to end stations; otherwise, an accidental topology
loop could cause a data packet loop and disrupt switch and network operation.
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree portfast edge bpdufilter default
4. interface interface-id
5. spanning-tree portfast edge
6. end
DETAILED STEPS
Device> enable
Step 3 spanning-tree portfast edge bpdufilter default
Globally enables BPDU filtering. By default, BPDU filtering is disabled.
Example:
Step 4 interface interface-id
Specifies the interface connected to an end station, and enters interface configuration mode.
Example:
Device(config-if)# end
Enabling UplinkFast for Use with Redundant Links
Note: When you enable UplinkFast, it affects all VLANs on the switch or switch stack. You cannot configure
UplinkFast on an individual VLAN.
You can configure the UplinkFast or the Cross-Stack UplinkFast (CSUF) feature for Rapid PVST+ or for the
MSTP, but the feature remains disabled (inactive) until you change the spanning-tree mode to PVST+.
This procedure is optional. Follow these steps to enable UplinkFast and CSUF.
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree uplinkfast [max-update-rate pkts-per-second]
4. end
DETAILED STEPS
Device> enable
Device(config)# end
When UplinkFast is enabled, the switch priority of all VLANs is set to 49152. If you change the path cost to
a value less than 3000 and you enable UplinkFast or UplinkFast is already enabled, the path cost of all interfaces
and VLAN trunks is increased by 3000 (if you change the path cost to 3000 or above, the path cost is not
altered). The changes to the switch priority and the path cost reduce the chance that a switch will become the
root switch.
When UplinkFast is disabled, the switch priorities of all VLANs and path costs of all interfaces are set to
default values if you did not modify them from their defaults.
When you enable the UplinkFast feature using these instructions, CSUF is automatically globally enabled on
nonstack port interfaces.
Disabling UplinkFast
This procedure is optional.
Follow these steps to disable UplinkFast and Cross-Stack UplinkFast (CSUF).
SUMMARY STEPS
1. enable
2. configure terminal
3. no spanning-tree uplinkfast
4. end
DETAILED STEPS
Device> enable
Step 3 no spanning-tree uplinkfast
Disables UplinkFast and CSUF on the switch and all of its VLANs.
Example:
Device(config)# no spanning-tree uplinkfast
Device(config)# end
When UplinkFast is disabled, the switch priorities of all VLANs and path costs of all interfaces are set to
default values if you did not modify them from their defaults.
When you disable the UplinkFast feature using these instructions, CSUF is automatically globally disabled
on nonstack port interfaces.
Enabling BackboneFast
You can enable BackboneFast to detect indirect link failures and to start the spanning-tree reconfiguration
sooner.
You can configure the BackboneFast feature for Rapid PVST+ or for the MSTP, but the feature remains
disabled (inactive) until you change the spanning-tree mode to PVST+.
This procedure is optional. Follow these steps to enable BackboneFast on the switch.
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree backbonefast
4. end
DETAILED STEPS
Device> enable
Device(config)# end
Enabling EtherChannel Guard
SUMMARY STEPS
1. enable
2. configure terminal
3. spanning-tree etherchannel guard misconfig
4. end
DETAILED STEPS
Device> enable
Device(config)# end
What to do next
You can use the show interfaces status err-disabled privileged EXEC command to show which device ports
are disabled because of an EtherChannel misconfiguration. On the remote device, you can enter the show
etherchannel summary privileged EXEC command to verify the EtherChannel configuration.
After the configuration is corrected, enter the shutdown and no shutdown interface configuration commands
on the port-channel interfaces that were misconfigured.
Enabling Root Guard
Note: You cannot enable both root guard and loop guard at the same time.
You can enable this feature if your switch is running PVST+, Rapid PVST+, or MSTP.
This procedure is optional.
Follow these steps to enable root guard on the switch.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. spanning-tree guard root
5. end
DETAILED STEPS
Device> enable
Device(config-if)# end
Enabling Loop Guard
Note: You cannot enable both loop guard and root guard at the same time.
You can enable this feature if your device is running PVST+, Rapid PVST+, or MSTP.
This procedure is optional. Follow these steps to enable loop guard on the device.
SUMMARY STEPS
1. Enter one of the following commands:
• show spanning-tree active
• show spanning-tree mst
2. configure terminal
3. spanning-tree loopguard default
4. end
DETAILED STEPS
or
Device(config)# end
Monitoring the Spanning-Tree Status
Command                                                       Purpose
show spanning-tree active                                     Displays spanning-tree information on active interfaces only.
show spanning-tree interface interface-id                     Displays spanning-tree information for the specified interface.
show spanning-tree mst interface interface-id                 Displays MST information for the specified interface.
show spanning-tree summary [totals]                           Displays a summary of interface states or displays the total lines of the spanning-tree state section.
show spanning-tree mst interface interface-id portfast edge   Displays spanning-tree portfast information for the specified interface.
Standard/RFC Title
None —
MIBs
Technical Assistance
The Cisco Support website provides extensive online resources, including
documentation and tools for troubleshooting and resolving technical issues
with Cisco products and technologies.
To receive security and technical information about your products, you can
subscribe to various services, such as the Product Alert Tool (accessed from
Field Notices), the Cisco Technical Services Newsletter, and Really Simple
Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user
ID and password.
Link: http://www.cisco.com/support
CHAPTER 4
Configuring EtherChannels
• Finding Feature Information
• Restrictions for EtherChannels
• Information About EtherChannels
• How to Configure EtherChannels
• Monitoring EtherChannel, PAgP, and LACP Status
• Configuration Examples for Configuring EtherChannels
• Additional References for EtherChannels
• Feature Information for EtherChannels
Information About EtherChannels
The EtherChannel provides full-duplex bandwidth up to 8 Gb/s (Gigabit EtherChannel) or 80 Gb/s (10-Gigabit
EtherChannel) between your switch and another switch or host.
Each EtherChannel can consist of up to eight compatibly configured Ethernet ports.
The channel-group command binds the physical port and the port-channel interface together. Each
EtherChannel has a port-channel logical interface numbered from 1 to. This port-channel interface number
corresponds to the one specified with the channel-group interface configuration command.
• With Layer 2 ports, use the channel-group interface configuration command to dynamically create the
port-channel interface.
You also can use the interface port-channel port-channel-number global configuration command to
manually create the port-channel interface, but then you must use the channel-group
channel-group-number command to bind the logical interface to a physical port. The
channel-group-number can be the same as the port-channel-number, or you can use a new number. If
you use a new number, the channel-group command dynamically creates a new port channel.
• With Layer 3 ports, you should manually create the logical interface by using the interface port-channel
global configuration command followed by the no switchport interface configuration command. You
then manually assign an interface to the EtherChannel by using the channel-group interface configuration
command.
PAgP Modes
PAgP modes specify whether a port can send PAgP packets, which start PAgP negotiations, or only respond
to PAgP packets received.
Mode        Description
auto        Places a port into a passive negotiating state, in which the port responds to PAgP packets it receives but does not start PAgP packet negotiation. This setting minimizes the transmission of PAgP packets.
desirable   Places a port into an active negotiating state, in which the port starts negotiations with other ports by sending PAgP packets.
Switch ports exchange PAgP packets only with partner ports configured in the auto or desirable modes. Ports
configured in the on mode do not exchange PAgP packets.
Both the auto and desirable modes enable ports to negotiate with partner ports to form an EtherChannel based
on criteria such as port speed, and for Layer 2 EtherChannels, based on trunk state and VLAN numbers.
Ports can form an EtherChannel when they are in different PAgP modes as long as the modes are compatible.
For example:
• A port in the desirable mode can form an EtherChannel with another port that is in the desirable or auto
mode.
• A port in the auto mode can form an EtherChannel with another port in the desirable mode.
A port in the auto mode cannot form an EtherChannel with another port that is also in the auto mode because
neither port starts PAgP negotiation.
Silent Mode
If your switch is connected to a partner that is PAgP-capable, you can configure the switch port for nonsilent
operation by using the non-silent keyword. If you do not specify non-silent with the auto or desirable mode,
silent mode is assumed.
Use the silent mode when the switch is connected to a device that is not PAgP-capable and seldom, if ever,
sends packets. An example of a silent partner is a file server or a packet analyzer that is not generating traffic.
In this case, running PAgP on a physical port connected to a silent partner prevents that switch port from ever
becoming operational. However, the silent setting allows PAgP to operate, to attach the port to a channel
group, and to use the port for transmission.
PAgP cannot automatically detect when the partner device is a physical learner and when the local device is
an aggregate-port learner. Therefore, you must manually set the learning method on the local device to learn
addresses by physical ports. You also must set the load-distribution method to source-based distribution, so
that any given source MAC address is always sent on the same physical port.
You also can configure a single port within the group for all transmissions and use other ports for hot-standby.
The unused ports in the group can be swapped into operation in just a few seconds if the selected single port
loses hardware-signal detection. You can configure which port is always selected for packet transmission by
changing its priority with the pagp port-priority interface configuration command. The higher the priority,
the more likely that the port will be selected.
Note The device supports address learning only on aggregate ports even though the physical-port keyword is
provided in the CLI. The pagp learn-method command and the pagp port-priority command have no effect
on the device hardware, but they are required for PAgP interoperability with devices that only support address
learning by physical ports, such as the Catalyst 1900 switch.
When the link partner of the device is a physical learner, we recommend that you configure the device as a
physical-port learner by using the pagp learn-method physical-port interface configuration command. Set
the load-distribution method based on the source MAC address by using the port-channel load-balance
src-mac global configuration command. The device then sends packets to the physical learner using the same
port in the EtherChannel from which it learned the source address. Only use the pagp learn-method command
in this situation.
The independent mode behavior of ports in a port channel is changed. With CSCtn96950, by default, standalone
mode is enabled. When no response is received from an LACP peer, ports in the port channel are moved to
suspended state.
LACP Modes
LACP modes specify whether a port can send LACP packets or only receive LACP packets.
Mode    Description
active    Places a port into an active negotiating state in which the port starts negotiations with other ports by sending LACP packets.
passive    Places a port into a passive negotiating state in which the port responds to LACP packets that it receives, but does not start LACP packet negotiation. This setting minimizes the transmission of LACP packets.
Both the active and passive LACP modes enable ports to negotiate with partner ports to form an EtherChannel
based on criteria such as port speed, and for Layer 2 EtherChannels, based on trunk state and VLAN numbers.
Ports can form an EtherChannel when they are in different LACP modes as long as the modes are compatible.
For example:
• A port in the active mode can form an EtherChannel with another port that is in the active or passive
mode.
• A port in the passive mode cannot form an EtherChannel with another port that is also in the passive
mode because neither port starts LACP negotiation.
EtherChannel On Mode
EtherChannel on mode can be used to manually configure an EtherChannel. The on mode forces a port to
join an EtherChannel without negotiations. The on mode can be useful if the remote device does not support
PAgP or LACP. In the on mode, a usable EtherChannel exists only when the devices at both ends of the link
are configured in the on mode.
Ports that are configured in the on mode in the same channel group must have compatible port characteristics,
such as speed and duplex. Ports that are not compatible are suspended, even though they are configured in
the on mode.
Caution You should use care when using the on mode. This is a manual configuration, and ports on both ends of the
EtherChannel must have the same configuration. If the group is misconfigured, packet loss or spanning-tree
loops can occur.
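The following audit script is an added example, not part of the Cisco guide. It applies the PAgP, LACP, and on-mode compatibility rules described above to both ends of each link and reports which links cannot bundle; the two configurations, the cabling list, and all function names are constructed for illustration.

```python
import re

PAGP_MODES = {"auto", "desirable"}
LACP_MODES = {"active", "passive"}
INITIATING = {"desirable", "active"}  # the modes that start negotiation

IFACE_RE = re.compile(r"^interface\s+(\S+)\s*$")
CHANNEL_RE = re.compile(
    r"^\s+channel-group\s+(\d+)\s+mode\s+"
    r"(auto|desirable|on|active|passive)(?:\s+non-silent)?\s*$"
)

# Constructed sample configurations for the two ends of five links.
SWITCH_A = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 channel-group 5 mode active
interface GigabitEthernet1/0/2
 channel-group 5 mode passive
interface GigabitEthernet1/0/3
 channel-group 6 mode auto
interface GigabitEthernet1/0/4
 channel-group 7 mode on
interface GigabitEthernet1/0/5
 channel-group 8 mode desirable non-silent
"""
SWITCH_B = """\
interface GigabitEthernet1/0/1
 channel-group 5 mode passive
interface GigabitEthernet1/0/2
 channel-group 5 mode passive
interface GigabitEthernet1/0/3
 channel-group 6 mode auto
interface GigabitEthernet1/0/4
 channel-group 7 mode active
interface GigabitEthernet1/0/5
 channel-group 8 mode auto
"""
# Assumed cabling: port n on switch A connects to port n on switch B.
CABLING = [(f"GigabitEthernet1/0/{n}", f"GigabitEthernet1/0/{n}") for n in range(1, 6)]


def parse_members(config_text):
    """Map interface name -> (channel-group number, mode) from IOS-style text."""
    members, current = {}, None
    for line in config_text.splitlines():
        if not line.strip():
            continue
        iface = IFACE_RE.match(line)
        if iface:
            current = iface.group(1)
        elif not line[0].isspace():
            current = None  # any other top-level line closes the stanza
        else:
            chan = CHANNEL_RE.match(line)
            if chan and current:
                members[current] = (int(chan.group(1)), chan.group(2))
    return members


def protocol_of(mode):
    if mode in PAGP_MODES:
        return "PAgP"
    if mode in LACP_MODES:
        return "LACP"
    return "on"


def link_verdict(local_mode, remote_mode):
    """Return (forms, reason) for one link given the mode at each end."""
    lp, rp = protocol_of(local_mode), protocol_of(remote_mode)
    if lp != rp:
        return False, f"{lp} ({local_mode}) faces {rp} ({remote_mode}): nothing to negotiate with"
    if lp == "on":
        return True, "on/on: bundled without negotiation, both ends must match by hand"
    if INITIATING & {local_mode, remote_mode}:
        return True, f"{lp}: at least one end starts negotiation"
    return False, f"{lp}: {local_mode}/{remote_mode}, neither port starts negotiation"


def audit(local_cfg, remote_cfg, cabling):
    """Return one (local_if, remote_if, forms, reason) tuple per cabled link."""
    local, remote = parse_members(local_cfg), parse_members(remote_cfg)
    findings = []
    for lif, rif in cabling:
        if lif not in local or rif not in remote:
            findings.append((lif, rif, False, "channel-group missing on one end"))
            continue
        forms, reason = link_verdict(local[lif][1], remote[rif][1])
        findings.append((lif, rif, forms, reason))
    return findings


if __name__ == "__main__":
    for lif, rif, forms, reason in audit(SWITCH_A, SWITCH_B, CABLING):
        print(f"{'OK  ' if forms else 'FAIL'} {lif} <-> {rif}: {reason}")
```

The on/on verdict only means the ports are forced into the bundle; it is the case the Caution above applies to, so those links deserve a manual comparison of both ends.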
Note Layer 3 Equal-cost multi path (ECMP) load balancing is based on source IP address, destination IP address,
source port, destination port, and layer 4 protocol. Fragmented packets will be treated on two different links
based on the algorithm calculated using these parameters. Any changes in one of these parameters will result
in load balancing.
With destination-MAC address forwarding, when packets are forwarded to an EtherChannel, they are distributed
across the ports in the channel based on the destination host’s MAC address of the incoming packet. Therefore,
packets to the same destination are forwarded over the same port, and packets to a different destination are
sent on a different port in the channel.
With source-and-destination MAC address forwarding, when packets are forwarded to an EtherChannel, they
are distributed across the ports in the channel based on both the source and destination MAC addresses. This
forwarding method, a combination of the source-MAC and destination-MAC address forwarding methods of load
distribution, can be used if it is not clear whether source-MAC or destination-MAC address forwarding is
better suited on a particular device. With source-and-destination MAC-address forwarding, packets sent from
host A to host B, host A to host C, and host C to host B could all use different ports in the channel.
IP Address Forwarding
With source-IP address-based forwarding, packets are distributed across the ports in the EtherChannel based
on the source-IP address of the incoming packet. To provide load balancing, packets from different IP addresses
use different ports in the channel, and packets from the same IP address use the same port in the channel.
With destination-IP address-based forwarding, packets are distributed across the ports in the EtherChannel
based on the destination-IP address of the incoming packet. To provide load balancing, packets from the same
IP source address sent to different IP destination addresses could be sent on different ports in the channel.
Packets sent from different source IP addresses to the same destination IP address are always sent on the same
port in the channel.
With source-and-destination IP address-based forwarding, packets are distributed across the ports in the
EtherChannel based on both the source and destination IP addresses of the incoming packet. This forwarding
method, a combination of source-IP and destination-IP address-based forwarding, can be used if it is not clear
whether source-IP or destination-IP address-based forwarding is better suited on a particular device. In this
method, packets sent from the IP address A to IP address B, from IP address A to IP address C, and from IP
address C to IP address B could all use different ports in the channel.
Load-Balancing Advantages
Different load-balancing methods have different advantages, and the choice of a particular load-balancing
method should be based on the position of the device in the network and the kind of traffic that needs to be
load-distributed.
Figure 21: Load Distribution and Forwarding Methods
In the following figure, an EtherChannel of four workstations communicates with a router. Because the router
is a single MAC-address device, source-based forwarding on the device EtherChannel ensures that the device
uses all available bandwidth to the router. The router is configured for destination-based forwarding because
the large number of workstations ensures that the traffic is evenly distributed from the router EtherChannel.
Use the option that provides the greatest variety in your configuration. For example, if the traffic on a channel
is going only to a single MAC address, using the destination-MAC address always chooses the same link in
the channel. Using source addresses or IP addresses might result in better load-balancing.
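The following simulation is an added example, not part of the Cisco guide. It reproduces the workstation-and-router scenario above for each forwarding method and counts how many links of a four-port channel carry traffic. The byte-wise XOR hash is a stand-in (the guide does not describe the hardware hash), and all addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import Counter


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip):
    return ipaddress.ip_address(ip).packed


# Which header fields each load-balance method feeds into the hash.
KEY_FIELDS = {
    "src-mac": lambda f: mac_bytes(f["src_mac"]),
    "dst-mac": lambda f: mac_bytes(f["dst_mac"]),
    "src-dst-mac": lambda f: mac_bytes(f["src_mac"]) + mac_bytes(f["dst_mac"]),
    "src-ip": lambda f: ip_bytes(f["src_ip"]),
    "dst-ip": lambda f: ip_bytes(f["dst_ip"]),
    "src-dst-ip": lambda f: ip_bytes(f["src_ip"]) + ip_bytes(f["dst_ip"]),
}


def fold(data):
    """Stand-in hash: XOR of all key bytes (assumption, not the platform's hash)."""
    h = 0
    for b in data:
        h ^= b
    return h


def pick_link(method, frame, n_links):
    """Index of the channel member that carries this frame."""
    return fold(KEY_FIELDS[method](frame)) % n_links


def link_usage(method, frames, n_links):
    """Counter of link index -> number of frames sent on it."""
    return Counter(pick_link(method, f, n_links) for f in frames)


# Constructed traffic: four workstations talk to one server through a router.
ROUTER_MAC = "00:00:5e:00:53:fe"
SERVER_IP = "198.51.100.7"
WORKSTATIONS = [(f"00:00:5e:00:53:0{n}", f"192.0.2.1{n}") for n in range(1, 5)]

# Switch -> router direction: many sources, a single destination MAC.
UPSTREAM = [
    {"src_mac": mac, "dst_mac": ROUTER_MAC, "src_ip": ip, "dst_ip": SERVER_IP}
    for mac, ip in WORKSTATIONS
]
# Router -> switch direction: a single source MAC, many destinations.
DOWNSTREAM = [
    {"src_mac": ROUTER_MAC, "dst_mac": mac, "src_ip": SERVER_IP, "dst_ip": ip}
    for mac, ip in WORKSTATIONS
]

if __name__ == "__main__":
    for name, frames in (("switch->router", UPSTREAM), ("router->switch", DOWNSTREAM)):
        for method in KEY_FIELDS:
            used = sorted(link_usage(method, frames, 4))
            print(f"{name:15} {method:12} links used: {used}")
```

Whatever hash the hardware uses, a key that never changes always maps to one member link, which is why destination-MAC forwarding toward a single-MAC router leaves the other links idle.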
Default EtherChannel Configuration
LACP system ID    LACP system priority and the device or stack MAC address.
Load-balancing    Load distribution on the device is based on the source-MAC address of the incoming packet.
Layer 2 EtherChannel Configuration Guidelines
• Allowed-VLAN list
• Spanning-tree path cost for each VLAN
• Spanning-tree port priority for each VLAN
• Spanning-tree Port Fast setting
Auto-LAG
The auto-LAG feature provides the ability to auto create EtherChannels on ports connected to a switch. By
default, auto-LAG is disabled globally and is enabled on all port interfaces. The auto-LAG applies to a switch
only when it is enabled globally.
On enabling auto-LAG globally, the following scenarios are possible:
• All port interfaces participate in creation of auto EtherChannels provided the partner port interfaces have
EtherChannel configured on them. For more information, see the "The supported auto-LAG configurations
between the actor and partner devices" table below.
• Ports that are already part of manual EtherChannels cannot participate in creation of auto EtherChannels.
• When auto-LAG is disabled on a port interface that is already a part of an auto created EtherChannel,
the port interface will unbundle from the auto EtherChannel.
The following table shows the supported auto-LAG configurations between the actor and partner devices:
Table 14: The supported auto-LAG configurations between the actor and partner devices
On disabling auto-LAG globally, all auto created EtherChannels become manual EtherChannels.
You cannot add any configurations in an existing auto created EtherChannel. To add, you should first convert
it into a manual EtherChannel by executing the port-channel channel-number persistent command.
Note Auto-LAG uses the LACP protocol to create auto EtherChannel. Only one EtherChannel can be automatically
created with the unique partner devices.
Configuring Layer 2 EtherChannels
SUMMARY STEPS
1. configure terminal
2. interface interface-id
3. switchport mode {access | trunk}
4. switchport access vlan vlan-id
5. channel-group channel-group-number mode {auto [non-silent] | desirable [non-silent] | on} | {active | passive}
6. end
DETAILED STEPS
Step 2 interface interface-id
Specifies a physical port, and enters interface configuration mode.
Valid interfaces are physical ports.
For a PAgP EtherChannel, you can configure up to eight ports of the same type and speed for the same group.
For a LACP EtherChannel, you can configure up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode.
Example:
Device(config)# interface gigabitethernet
Step 3 switchport mode {access | trunk}
Assigns all ports as static-access ports in the same VLAN, or configures them as trunks.
If you configure the port as a static-access port, assign it to only one VLAN. The range is 1 to 4094.
Example:
Device(config-if)# switchport mode access
Step 4 switchport access vlan vlan-id
(Optional) If you configure the port as a static-access port, assign it to only one VLAN. The range is 1 to 4094.
Step 5 channel-group channel-group-number mode {auto [non-silent] | desirable [non-silent] | on} | {active | passive}
Assigns the port to a channel group, and specifies the PAgP or the LACP mode.
For mode, select one of these keywords:
Device(config-if)# end
Configuring Layer 3 EtherChannels
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. no ip address
5. no switchport
6. channel-group channel-group-number mode { auto [ non-silent ] | desirable [ non-silent ] | on } | { active | passive }
7. end
DETAILED STEPS
Device> enable
Step 3 interface interface-id
Specifies a physical port, and enters interface configuration mode.
Valid interfaces include physical ports.
For a PAgP EtherChannel, you can configure up to eight ports of the same type and speed for the same group.
For a LACP EtherChannel, you can configure up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode.
Example:
Device(config)# interface gigabitethernet 1/0/2
Device(config-if)# no ip address
Device(config-if)# no switchport
Step 6 channel-group channel-group-number mode { auto [ non-silent ] | desirable [ non-silent ] | on } | { active | passive }
Assigns the port to a channel group, and specifies the PAgP or the LACP mode.
For mode, select one of these keywords:
• auto—Enables PAgP only if a PAgP device is detected. It places the port into a passive negotiating state, in which the port responds to PAgP packets it receives but does not start PAgP packet negotiation.
Example:
Device(config-if)# channel-group 5 mode auto
Device(config-if)# end
Configuring EtherChannel Load-Balancing
SUMMARY STEPS
1. configure terminal
DETAILED STEPS
Device(config)# end
Configuring EtherChannel Extended Load-Balancing
SUMMARY STEPS
1. configure terminal
2. port-channel load-balance extended [ dst-ip | dst-mac dst-port | ipv6-label | l3-proto | src-ip | src-mac | src-port ]
3. end
DETAILED STEPS
Device(config)# end
Configuring the PAgP Learn Method and Priority
SUMMARY STEPS
1. configure terminal
2. interface interface-id
3. pagp learn-method physical-port
4. pagp port-priority priority
5. end
DETAILED STEPS
Step 2 interface interface-id
Specifies the port for transmission, and enters interface configuration mode.
Step 4 pagp port-priority priority
Assigns a priority so that the selected port is chosen for packet transmission.
For priority, the range is 0 to 255. The default is 128. The higher the priority, the more likely that the port will be used for PAgP transmission.
Example:
Device(config-if)# pagp port-priority 200
Device(config-if)# end
Configuring LACP Hot-Standby Ports
In priority comparisons, numerically lower values have higher priority. The priority decides which ports
should be put in standby mode when there is a hardware limitation that prevents all compatible ports from
aggregating.
Determining which ports are active and which are hot standby is a two-step procedure. First the system with
a numerically lower system priority and system ID is placed in charge of the decision. Next, that system
decides which ports are active and which are hot standby, based on its values for port priority and port number.
The port priority and port number values for the other system are not used.
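The two-step decision described above, as an added example that is not part of the Cisco guide. The class, function names, priorities, and MAC addresses are constructed; max_active stands for whatever limit applies (the hardware limit or a configured maximum bundle size).

```python
from dataclasses import dataclass


@dataclass
class LacpSystem:
    name: str
    system_priority: int  # value set with "lacp system-priority"
    mac: str              # device or stack MAC address
    ports: dict           # link name -> (port priority, port number)

    def system_id(self):
        # System ID = system priority plus MAC; numerically lower wins.
        return (self.system_priority, bytes.fromhex(self.mac.replace(":", "")))


def controlling_system(a, b):
    """Step 1: the system with the lower priority and system ID decides."""
    return min(a, b, key=LacpSystem.system_id)


def select_links(a, b, max_active=8):
    """Step 2: rank links by the controlling system's own port values only.

    Returns (controlling system name, active links, hot-standby links).
    """
    if set(a.ports) != set(b.ports):
        raise ValueError("both systems must describe the same links")
    boss = controlling_system(a, b)
    ranked = sorted(boss.ports, key=lambda link: boss.ports[link])
    return boss.name, ranked[:max_active], ranked[max_active:]


# Constructed example: four links between two switches, room for two active.
SWITCH_A = LacpSystem(
    "A", 32768, "00:00:5e:00:53:0a",
    {"link1": (10, 1), "link2": (32768, 2), "link3": (10, 3), "link4": (32768, 4)},
)
SWITCH_B = LacpSystem(
    "B", 4096, "00:00:5e:00:53:0b",
    {"link1": (32768, 1), "link2": (100, 2), "link3": (32768, 3), "link4": (100, 4)},
)

if __name__ == "__main__":
    boss, active, standby = select_links(SWITCH_A, SWITCH_B, max_active=2)
    # Switch A prefers link1 and link3, but switch B controls the decision.
    print(f"controlling system: {boss}")
    print(f"active: {active}  hot standby: {standby}")
```

Lowering the port priority on the non-controlling switch changes nothing; an operator who wants specific links active has to change values on the system that wins step 1.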
You can change the default values of the LACP system priority and the LACP port priority to affect how the
software selects active and standby links.
Configuring the LACP Max Bundle Feature
SUMMARY STEPS
1. configure terminal
2. interface port-channel channel-number
3. lacp max-bundle max-bundle-number
4. end
DETAILED STEPS
Step 2 interface port-channel channel-number
Enters interface configuration mode for a port channel. The range is 1 to 128.
Step 3 lacp max-bundle max-bundle-number
Specifies the maximum number of LACP ports in the port-channel bundle. The range is 1 to 8.
Example:
Device(config-if)# lacp max-bundle 3
Device(config)# end
SUMMARY STEPS
1. configure terminal
2. interface port-channel channel-group
3. port-channel standalone-disable
4. end
5. show etherchannel
DETAILED STEPS
Step 3 port-channel standalone-disable
Disables the standalone mode on the port-channel interface.
Example:
Device(config-if)# port-channel standalone-disable
Configuring the LACP Port Channel Min-Links Feature
SUMMARY STEPS
1. enable
2. configure terminal
3. interface port-channel channel-number
4. port-channel min-links min-links-number
5. end
DETAILED STEPS
Device> enable
Step 3 interface port-channel channel-number
Enters interface configuration mode for a port-channel. For channel-number, the range is 1 to 63.
Step 4 port-channel min-links min-links-number
Specifies the minimum number of member ports that must be in the link-up state and bundled in the EtherChannel for the port channel interface to transition to the link-up state. For min-links-number, the range is 2 to 8.
Example:
Device(config-if)# port-channel min-links 3
Device(config)# end
Configuring the LACP System Priority
Follow these steps to configure the LACP system priority. This procedure is optional.
SUMMARY STEPS
1. enable
2. configure terminal
3. lacp system-priority priority
4. end
DETAILED STEPS
Device> enable
Device(config)# end
Configuring the LACP Port Priority
Note If LACP is not able to aggregate all the ports that are compatible (for example, the remote system might have
more restrictive hardware limitations), all the ports that cannot be actively included in the EtherChannel are
put in the hot-standby state and are used only if one of the channeled ports fails.
Follow these steps to configure the LACP port priority. This procedure is optional.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. lacp port-priority priority
5. end
DETAILED STEPS
Device> enable
Step 3 interface interface-id
Specifies the port to be configured, and enters interface configuration mode.
Device(config-if)# end
Configuring LACP Fast Rate Timer
the timeout rate from the default rate (30 seconds) to the fast rate (1 second). This command is supported only
on LACP-enabled interfaces.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface {fastethernet | gigabitethernet | tengigabitethernet} slot/port
4. lacp rate {normal | fast}
5. end
6. show lacp internal
DETAILED STEPS
Device> enable
Step 3 interface {fastethernet | gigabitethernet | tengigabitethernet} slot/port
Configures an interface and enters interface configuration mode.
Step 4 lacp rate {normal | fast}
Configures the rate at which LACP control packets are received by an LACP-supported interface.
• To reset the timeout rate to its default, use the no lacp rate command.
Example:
Device(config-if)# lacp rate fast
Device(config)# end
Configuring Auto-LAG Globally
DETAILED STEPS
Device> enable
Step 3 [no] port-channel auto
Enables the auto-LAG feature on a switch globally. Use the no form of this command to disable the auto-LAG feature on the switch globally.
Note By default, the auto-LAG feature is enabled on the port.
Example:
Device(config)# port-channel auto
Configuring Auto-LAG on a Port Interface
DETAILED STEPS
Device> enable
Step 3 interface interface-id
Specifies the port interface to be enabled for auto-LAG, and enters interface configuration mode.
Example:
Device(config)# interface gigabitethernet
Step 4 [no] channel-group auto
(Optional) Enables auto-LAG feature on individual port interface. Use the no form of this command to disable the auto-LAG feature on individual port interface.
Note By default, the auto-LAG feature is enabled on the port.
Example:
Device(config-if)# channel-group auto
What to do next
Configuring Persistence with Auto-LAG
SUMMARY STEPS
1. enable
2. port-channel channel-number persistent
3. show etherchannel summary
DETAILED STEPS
Device> enable
Step 2 port-channel channel-number persistent
Converts the auto created EtherChannel into a manual one and allows you to add configuration on the EtherChannel.
Example:
Device# port-channel 1 persistent
Table 15: Commands for Monitoring EtherChannel, PAgP, and LACP Status
Command    Description
clear lacp { channel-group-number counters | counters }    Clears LACP channel-group information and traffic counters.
clear pagp { channel-group-number counters | counters }    Clears PAgP channel-group information and traffic counters.
show etherchannel load-balance    Displays the load balance or frame distribution scheme among ports in the port channel.
Configuration Examples for Configuring EtherChannels
This example shows how to configure an EtherChannel on a single device in the stack. It assigns two ports
as static-access ports in VLAN 10 to channel 5 with the LACP mode active:
This example shows how to configure a cross-stack EtherChannel. It uses LACP passive mode and assigns
two ports on stack member 1 and one port on stack member 2 as static-access ports in VLAN 10 to channel 5:
PoE or LACP negotiation errors may occur if you configure two ports from switch to the access point (AP).
This scenario can be avoided if the port channel configuration is on the switch side. For more details, see the
following example:
interface Port-channel1
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
 no port-channel standalone-disable <--this one
 spanning-tree portfast
Note If the port reports LACP errors on port flap, you should include the following command as well: no errdisable detect cause pagp-flap
Configuring Layer 3 EtherChannels: Examples
This example shows how to configure a cross-stack Layer 3 EtherChannel. It assigns two ports on stack
member 2 and one port on stack member 3 to channel 7 using LACP active mode:
Configuring LACP Hot-Standby Ports: Example
The following example shows the summary of EtherChannel that was created automatically.
device# show etherchannel auto
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
A - formed by Auto LAG
The following example shows the summary of auto EtherChannel after executing the port-channel 1 persistent
command.
device# port-channel 1 persistent
CHAPTER 5
Configuring Resilient Ethernet Protocol
• Finding Feature Information
• Resilient Ethernet Protocol Overview
• How to Configure Resilient Ethernet Protocol
• Monitoring Resilient Ethernet Protocol Configurations
• Additional References for REP
• Feature Information for Resilient Ethernet Protocol
Note The feature is supported on Cisco Catalyst Series Switches with the Network Essentials license.
Note REP configuration on downlink ports is supported starting with Cisco IOS XE Fuji 16.9.1.
Resilient Ethernet Protocol Overview
A REP segment is a chain of ports connected to each other and configured with a segment ID. Each segment
consists of standard (non-edge) segment ports and two user-configured edge ports. A switch can have no more
than two ports that belong to the same segment, and each segment port can have only one external neighbor.
A segment can go through a shared medium, but on any link, only two ports can belong to the same segment.
REP is supported only on Trunk ports.
The figure below shows an example of a segment consisting of six ports spread across four switches. Ports
E1 and E2 are configured as edge ports. When all ports are operational (as in the segment on the left), a single
port is blocked, shown by the diagonal line. This blocked port is also known as the Alternate port (ALT port).
When there is a failure in the network, the blocked port returns to the forwarding state to minimize network
disruption.
Figure 22: REP Open Segment
The segment shown in the figure above is an open segment; there is no connectivity between the two edge
ports. The REP segment cannot cause a bridging loop, and you can safely connect the segment edges to any
network. All hosts connected to switches inside the segment have two possible connections to the rest of the
network through the edge ports, but only one connection is accessible at any time. If a failure occurs on any
segment or on any port on a REP segment, REP unblocks the ALT port to ensure that connectivity is available
through the other gateway.
The segment below is a closed segment, also known as Ring Segment, with both edge ports located on the
same router. With this configuration, you can create a redundant connection between any two routers in the
segment.
Figure 23: REP Ring Segment
• If a port is not operational and causes a link failure, all ports forward traffic on all VLANs to ensure
connectivity.
• In case of a link failure, alternate ports are unblocked as quickly as possible. When the failed link is
restored, a logically blocked port per VLAN is selected with minimal disruption to the network.
You can construct almost any type of network based on REP segments.
In access ring topologies, the neighboring switch might not support REP as shown in the figure below. In this
case, you can configure the non-REP facing ports (E1 and E2) as edge no-neighbor ports. The edge no-neighbor
port can be configured to send an STP topology change notice (TCN) towards the aggregation switch.
Figure 24: Edge No-Neighbor Ports
Link Integrity
REP does not use an end-to-end polling function between edge ports to verify link integrity. It implements
local link failure detection. The REP Link Status Layer (LSL) detects its REP-aware neighbor and establishes
connectivity within the segment. All the VLANs are blocked on an interface until the neighbor is detected.
After the neighbor is identified, REP determines which neighbor port should become the alternate port and
which ports should forward traffic.
Each port in a segment has a unique port ID. The port ID format is similar to that used by the spanning tree
algorithm: a port number (unique on the bridge) associated to a MAC address (unique in the network). When
a segment port is coming up, its LSL starts sending packets that include the segment ID and the port ID. The
port is declared as operational after it performs a three-way handshake with a neighbor in the same segment.
A segment port does not become operational if:
Each port creates an adjacency with its immediate neighbor. After the neighbor adjacencies are created, the
ports negotiate with each other to determine the blocked port for the segment, which will function as the
alternate port. All the other ports become unblocked. By default, REP packets are sent to a bridge protocol
data unit-class MAC address. The packets can also be sent to a Cisco multicast address, which is used only
to send blocked port advertisement (BPA) messages when there is a failure in the segment. The packets are
dropped by the devices not running REP.
Fast Convergence
REP runs on a physical link basis and not on a per-VLAN basis. Only one hello message is required for all
the VLANs, and this reduces the load on the protocol. We recommend that you create VLANs consistently
on all the switches in a given segment and configure the same allowed VLANs on the REP trunk ports. To
avoid the delay introduced by relaying messages in software, REP also allows some packets to be flooded to
a regular multicast address. These messages operate at the hardware flood layer (HFL) and are flooded to the
entire network, not just the REP segment. Switches that do not belong to the segment treat them as data traffic.
You can control flooding of these messages by configuring an administrative VLAN for the entire domain or
for a particular segment.
Note Configure offset numbers on the primary edge port by identifying a port’s
downstream position from the primary (or secondary) edge port. Never enter an
offset value of 1 because that is the offset number of the primary edge port.
The following figure shows neighbor offset numbers for a segment, where E1 is the primary edge port
and E2 is the secondary edge port. The red numbers inside the ring are numbers offset from the primary
edge port; the black numbers outside of the ring show the offset numbers from the secondary edge port.
Note that you can identify all the ports (except the primary edge port) by either a positive offset number
(downstream position from the primary edge port) or a negative offset number (downstream position
from the secondary edge port). If E2 became the primary edge port, its offset number would then be 1
and E1 would be -1.
Figure 25: Neighbor Offset Numbers in a Segment
When the REP segment is complete, all the VLANs are blocked. When you configure VLAN load balancing,
you must also configure triggers in one of two ways:
• Manually trigger VLAN load balancing at any time by entering the rep preempt segment segment-id
privileged EXEC command on the switch that has the primary edge port.
• Configure a preempt delay time by entering the rep preempt delay seconds interface configuration
command. After a link failure and recovery, VLAN load balancing begins after the configured preemption
time period elapses. Note that the delay timer restarts if another port fails before the time has elapsed.
Note When VLAN load balancing is configured, it does not start working until triggered by either manual intervention
or a link failure and recovery.
When VLAN load balancing is triggered, the primary edge port sends out a message to alert all the interfaces
in the segment about the preemption. When the secondary port receives the message, the message is sent to
the network to notify the alternate port to block the set of VLANs specified in the message and to notify the
primary edge port to block the remaining VLANs.
You can also configure a particular port in the segment to block all the VLANs. Only the primary edge port
initiates VLAN load balancing, which is not possible if the segment is not terminated by an edge port on each
end. The primary edge port determines the local VLAN load-balancing configuration.
Reconfigure the primary edge port to reconfigure load balancing. When you change the load-balancing
configuration, the primary edge port waits for the rep preempt segment command or for the configured
preempt delay period after a port failure and recovery, before executing the new configuration. If you change
an edge port to a regular segment port, the existing VLAN load-balancing status does not change. Configuring
a new edge port might cause a new topology configuration.
Spanning Tree Interaction
To migrate from an STP ring configuration to REP segment configuration, begin by configuring a single port
in the ring as part of the segment and continue by configuring contiguous ports to minimize the number of
segments. Each segment always contains a blocked port, so multiple segments means multiple blocked ports
and a potential loss of connectivity. When the segment has been configured in both directions up to the location
of the edge ports, you then configure the edge ports.
REP Ports
REP segments consist of Failed, Open, or Alternate ports:
• A port configured as a regular segment port starts as a failed port.
• After the neighbor adjacencies are determined, the port transitions to alternate port state, blocking all the
VLANs on the interface. Blocked-port negotiations occur, and when the segment settles, one blocked
port remains in the alternate role and all the other ports become open ports.
• When a failure occurs in a link, all the ports move to the Failed state. When the Alternate port receives
the failure notification, it changes to the Open state, forwarding all the VLANs.
A regular segment port converted to an edge port, or an edge port converted to a regular segment port, does
not always result in a topology change. If you convert an edge port into a regular segment port, VLAN load
balancing is not implemented unless it has been configured. For VLAN load balancing, you must configure
two edge ports in the segment.
A segment port that is reconfigured as a spanning tree port restarts according to the spanning tree configuration.
By default, this is a designated blocking port. If PortFast is configured or if STP is disabled, the port goes
into the forwarding state.
REP Configuration Guidelines
• REP interfaces come up in a blocked state and remain in a blocked state until they are safe to be unblocked.
You need to be aware of this status to avoid sudden connection losses.
• REP sends all LSL PDUs in untagged frames on the native VLAN. The BPA message sent to the Cisco
multicast address is sent on the administration VLAN, which is VLAN 1 by default.
• You can configure how long a REP interface remains up without receiving a hello from a neighbor. You
can use the rep lsl-age-timer value interface configuration command to set the time from 120 ms to
10000 ms. The LSL hello timer is then set to the age-timer value divided by 3. In normal operation, three
LSL hellos are sent before the age timer on the peer switch expires and checks for hello messages.
• EtherChannel port channel interfaces do not support LSL age-timer values less than 1000 ms. If
you try to configure a value less than 1000 ms on a port channel, you receive an error message and
the command is rejected.
• REP is supported on EtherChannels, but not on an individual port that belongs to an EtherChannel.
• There can be a maximum of 26 REP segments per switch.
Configuring REP Administrative VLAN
To configure the REP administrative VLAN, follow these steps, beginning in privileged EXEC mode:
SUMMARY STEPS
1. configure terminal
2. rep admin vlan vlan-id
3. end
4. show interface [interface-id] rep detail
5. copy running-config startup-config
DETAILED STEPS
Step 2 rep admin vlan vlan-id
Specifies the administrative VLAN. The range is from 2 to 4094.
Step 4 show interface [interface-id] rep detail
(Optional) Verifies the configuration on a REP interface.
Example:
Device# show interface gigabitethernet1/1 rep detail
Step 5 copy running-config startup-config
(Optional) Saves your entries in the switch startup configuration file.
Example:
Device# copy running-config startup-config
Configuring a REP Interface
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. switchport mode trunk
5. rep segment segment-id [edge [no-neighbor] [primary]] [preferred]
6. rep stcn {interface interface-id | segment id-list | stp}
7. rep block port {id port-id | neighbor_offset | preferred} vlan {vlan-list | all}
8. rep preempt delay seconds
9. rep lsl-age-timer value
10. end
11. show interface [interface-id] rep [detail]
12. copy running-config startup-config
DETAILED STEPS
Step 1 enable
Example:
Device> enable
Step 3 interface interface-id
Specifies the interface, and enters interface configuration mode. The interface can be a physical
Layer 2 interface or a port channel (logical interface).
Example:
Device(config)# interface gigabitethernet1/1
Step 4 switchport mode trunk
Configures the interface as a Layer 2 trunk port.
Example:
Device(config-if)# switchport mode trunk
Step 5 rep segment segment-id [edge [no-neighbor] [primary]] [preferred]
Enables REP on the interface and identifies a segment number. The segment ID range is from 1 to 1024.
Note You must configure two edge ports, including one primary edge port, for each segment.
Example:
Device(config-if)# rep segment 1 edge no-neighbor primary
Step 6 rep stcn {interface interface-id | segment id-list | stp}
(Optional) Configures the edge port to send segment topology change notices (STCNs).
• interface interface-id—Designates a physical interface or port channel to receive STCNs.
• segment id-list—Identifies one or more segments to receive STCNs. The range is from 1 to 1024.
• stp—Sends STCNs to STP networks.
Example:
Device(config-if)# rep stcn segment 25-50
Step 7 rep block port {id port-id | neighbor_offset | preferred} vlan {vlan-list | all}
(Optional) Configures VLAN load balancing on the primary edge port, identifies the REP alternate
port in one of three ways (id port-id, neighbor_offset, preferred), and configures the VLANs to be
blocked on the alternate port.
• id port-id—Identifies the alternate port by port ID. The port ID is automatically generated for
each port in the segment. You can view interface port IDs by entering the show interface type
number rep [detail] privileged EXEC command.
• neighbor_offset—Number to identify the alternate port as a downstream neighbor from an edge
port. The range is from -256 to 256, with negative numbers indicating the downstream neighbor
from the secondary edge port. A value of 0 is invalid. Enter -1 to identify the secondary edge
port as the alternate port.
Example:
Device(config-if)# rep block port id 0009001818D68700 vlan 1-100
Step 8 rep preempt delay seconds
(Optional) Configures a preempt time delay.
• Use this command if you want VLAN load balancing to be automatically triggered after a link
failure and recovery.
• The time delay range is from 15 to 300 seconds. The default is manual preemption with no time
delay.
Example:
Device(config-if)# rep preempt delay 100
Step 9 rep lsl-age-timer value
(Optional) Configures a time (in milliseconds) for which the REP interface remains up without
receiving a hello from a neighbor.
The range is from 120 to 10000 ms in 40-ms increments. The default is 5000 ms (5 seconds).
Note
• EtherChannel port channel interfaces do not support LSL age-timer values that are less than
1000 ms.
• Both the ports on the link should have the same LSL age configured in order to avoid link flaps.
Example:
Device(config-if)# rep lsl-age-timer 2000
Step 11 show interface [interface-id] rep [detail]
(Optional) Displays the REP interface configuration.
Example:
Device# show interface gigabitethernet1/1 rep detail
Step 12 copy running-config startup-config
(Optional) Saves your entries in the router startup configuration file.
Setting Manual Preemption for VLAN Load Balancing
SUMMARY STEPS
1. enable
2. configure terminal
3. rep preempt segment segment-id
4. show rep topology segment segment-id
5. end
DETAILED STEPS
Step 1 enable
Example:
Device> enable
Step 3 rep preempt segment segment-id
Manually triggers VLAN load balancing on the segment. You need to confirm the command before it is
executed.
Step 4 show rep topology segment segment-id
(Optional) Displays REP topology information.
Configuring SNMP Traps for REP
SUMMARY STEPS
1. configure terminal
2. snmp mib rep trap-rate value
3. end
4. show running-config
5. copy running-config startup-config
DETAILED STEPS
Step 2 snmp mib rep trap-rate value
Enables the switch to send REP traps, and sets the number of traps sent per second.
• Enter the number of traps sent per second. The range is from 0 to 1000. The default is 0 (no
limit is imposed; a trap is sent at every occurrence).
Example:
Device(config)# snmp mib rep trap-rate 500
Step 3 end
Example:
Device(config)# end
Step 4 show running-config
(Optional) Displays the running configuration, which can be used to verify the REP trap
configuration.
Step 5 copy running-config startup-config
(Optional) Saves your entries in the switch startup configuration file.
Monitoring Resilient Ethernet Protocol Configurations
This is an example of the output for the show interface [interface-id] rep [detail] command. For
this display, the REP configuration and status on an uplink port is shown.
Device# show interfaces TenGigabitEthernet4/1 rep detail
This is an example of the output for the show interface [interface-id] rep [detail] command. For
this display, the REP configuration and status on a downlink port is shown.
Device# show interface TenGigabitEthernet5/0/27 rep detail
TenGigabitEthernet5/0/27 REP enabled
Segment-id: 1 (Segment)
PortID: 019B380E4D9ACAC0
Preferred flag: No
Operational Link Status: NO_NEIGHBOR
Current Key: 019B380E4D9ACAC0696B
Port Role: Fail No Ext Neighbor
Blocked VLAN: 1-4094
Admin-vlan: 1
Preempt Delay Timer: 100 sec
LSL Ageout Timer: 2000 ms
LSL Ageout Retries: 5
Configured Load-balancing Block Port: 09E9380E4D9ACAC0
Configured Load-balancing Block VLAN: 1-100
STCN Propagate to: segment 25
LSL PDU rx: 292, tx: 340
HFL PDU rx: 0, tx: 0
BPA TLV rx: 0, tx: 0
BPA (STCN, LSL) TLV rx: 0, tx: 0
BPA (STCN, HFL) TLV rx: 0, tx: 0
EPA-ELECTION TLV rx: 0, tx: 0
EPA-COMMAND TLV rx: 0, tx: 0
EPA-INFO TLV rx: 0, tx: 0
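The fields in this output can be checked automatically against the guidelines stated earlier in this chapter. The following Python code is an added example, not part of the Cisco guide: it parses the downlink-port output above and flags a failed port role, the default administrative VLAN 1 (on which BPA messages to the Cisco multicast address are sent), and LSL age-timer values that break the stated limits or differ from the peer. The finding names are this example's own, and it assumes that port-channel interface names begin with "Port-channel".

```python
import re

# Output copied from the downlink-port example on this page (some TLV counters trimmed).
SAMPLE = """\
TenGigabitEthernet5/0/27 REP enabled
Segment-id: 1 (Segment)
PortID: 019B380E4D9ACAC0
Operational Link Status: NO_NEIGHBOR
Port Role: Fail No Ext Neighbor
Blocked VLAN: 1-4094
Admin-vlan: 1
Preempt Delay Timer: 100 sec
LSL Ageout Timer: 2000 ms
LSL Ageout Retries: 5
Configured Load-balancing Block Port: 09E9380E4D9ACAC0
Configured Load-balancing Block VLAN: 1-100
LSL PDU rx: 292, tx: 340
HFL PDU rx: 0, tx: 0
BPA (STCN, LSL) TLV rx: 0, tx: 0
"""

# Counter lines look like "<name> rx: <n>, tx: <n>".
COUNTER = re.compile(r"^(.+?) rx: (\d+), tx: (\d+)$")


def parse_rep_detail(text):
    """Parse one interface's 'rep detail' block into fields and rx/tx counters."""
    rec = {"interface": None, "fields": {}, "counters": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("REP enabled"):
            rec["interface"] = line.split()[0]
            continue
        counter = COUNTER.match(line)
        if counter:
            rec["counters"][counter.group(1)] = (int(counter.group(2)), int(counter.group(3)))
            continue
        key, sep, value = line.partition(":")
        if sep:
            rec["fields"][key.strip()] = value.strip()
    return rec


def check_lsl_age_timer(ms, port_channel=False):
    """Validate an LSL age timer: 120-10000 ms, 40-ms steps, >= 1000 ms on port channels."""
    problems = []
    if not 120 <= ms <= 10000:
        problems.append("LSL_AGE_OUT_OF_RANGE")
    elif (ms - 120) % 40:
        problems.append("LSL_AGE_NOT_40MS_STEP")
    if port_channel and ms < 1000:
        problems.append("LSL_AGE_BELOW_1000_ON_PORT_CHANNEL")
    return problems


def lsl_age_ms(rec):
    """Age timer in milliseconds, taken from the 'LSL Ageout Timer: N ms' field."""
    return int(rec["fields"]["LSL Ageout Timer"].split()[0])


def audit_rep(rec, peer=None):
    """Return finding codes for one parsed interface, optionally compared with its link peer."""
    findings = []
    fields = rec["fields"]
    if fields.get("Port Role", "").startswith("Fail"):
        findings.append("PORT_FAILED")
    if fields.get("Admin-vlan") == "1":
        findings.append("ADMIN_VLAN_DEFAULT")
    # Assumption: port-channel interfaces are named "Port-channel<N>" in the output.
    is_port_channel = (rec["interface"] or "").lower().startswith("port-channel")
    findings += check_lsl_age_timer(lsl_age_ms(rec), is_port_channel)
    if peer is not None and lsl_age_ms(peer) != lsl_age_ms(rec):
        findings.append("LSL_AGE_MISMATCH_WITH_PEER")
    return findings


if __name__ == "__main__":
    local = parse_rep_detail(SAMPLE)
    # Constructed peer record: the same output with a different age timer.
    peer = parse_rep_detail(SAMPLE.replace("2000 ms", "5000 ms"))
    print(local["interface"], audit_rep(local, peer))
    # The guide states that the hello timer is the age timer divided by 3.
    print("LSL hello interval (ms):", round(lsl_age_ms(local) / 3, 1))
```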
This is an example for the show rep topology [segment segment-id] [archive] [detail] command.
For this display, the REP topology information for all the segments is shown.
Device# show rep topology
REP Segment 1
BridgeName PortName Edge Role
---------------- ---------- ---- ----
10.64.106.63 Te5/4 Pri Open
10.64.106.228 Te3/4 Open
10.64.106.228 Te3/3 Open
10.64.106.67 Te4/3 Open
10.64.106.67 Te4/4 Alt
10.64.106.63 Te4/4 Sec Open
REP Segment 3
BridgeName PortName Edge Role
---------------- ---------- ---- ----
10.64.106.63 Gi50/1 Pri Open
SVT_3400_2 Gi0/3 Open
SVT_3400_2 Gi0/4 Open
10.64.106.68 Gi40/2 Open
10.64.106.68 Gi40/1 Open
10.64.106.63 Gi50/2 Sec Alt
Additional References for REP
MIBs
Technical Assistance
Description: The Cisco Support website provides extensive online resources, including
documentation and tools for troubleshooting and resolving technical issues
with Cisco products and technologies.
To receive security and technical information about your products, you can
subscribe to various services, such as the Product Alert Tool (accessed from
Field Notices), the Cisco Technical Services Newsletter, and Really Simple
Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user
ID and password.
Link: http://www.cisco.com/support
Feature Information for Resilient Ethernet Protocol
Resilient Ethernet Protocol | Cisco IOS XE Everest 16.6.1 | This feature was introduced.
Resilient Ethernet Protocol | Cisco IOS XE Fuji 16.9.1 | Support for REP configuration on downlink ports was introduced.
CHAPTER 6
Configuring UniDirectional Link Detection
• Finding Feature Information
• Restrictions for Configuring UDLD
• Information About UDLD
• How to Configure UDLD
• Monitoring and Maintaining UDLD
• Additional References for UDLD
• Feature Information for UDLD
Caution Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected
device that is running STP.
Information About UDLD
Modes of Operation
UDLD supports two modes of operation: normal (the default) and aggressive. In normal mode, UDLD can
detect unidirectional links due to misconnected ports on fiber-optic connections. In aggressive mode, UDLD
can also detect unidirectional links due to one-way traffic on fiber-optic and twisted-pair links and to
misconnected ports on fiber-optic links.
In normal and aggressive modes, UDLD works with the Layer 1 mechanisms to learn the physical status of
a link. At Layer 1, autonegotiation takes care of physical signaling and fault detection. UDLD performs tasks
that autonegotiation cannot perform, such as detecting the identities of neighbors and shutting down
misconnected ports. When you enable both autonegotiation and UDLD, the Layer 1 and Layer 2 detections
work together to prevent physical and logical unidirectional connections and the malfunctioning of other
protocols.
A unidirectional link occurs whenever traffic sent by a local device is received by its neighbor but traffic from
the neighbor is not received by the local device.
Normal Mode
In normal mode, UDLD detects a unidirectional link when fiber strands in a fiber-optic port are misconnected
and the Layer 1 mechanisms do not detect this misconnection. If the ports are connected correctly but the
traffic is one way, UDLD does not detect the unidirectional link because the Layer 1 mechanism, which is
supposed to detect this condition, does not do so. In this case, the logical link is considered undetermined,
and UDLD does not disable the port.
When UDLD is in normal mode, if one of the fiber strands in a pair is disconnected, as long as autonegotiation
is active, the link does not stay up because the Layer 1 mechanisms detect a physical problem with the link.
In this case, UDLD does not take any action and the logical link is considered undetermined.
Aggressive Mode
In aggressive mode, UDLD detects a unidirectional link by using the previous detection methods. UDLD in
aggressive mode can also detect a unidirectional link on a point-to-point link on which no failure between the
two devices is allowed. It can also detect a unidirectional link when one of these problems exists:
• On fiber-optic or twisted-pair links, one of the ports cannot send or receive traffic.
• On fiber-optic or twisted-pair links, one of the ports is down while the other is up.
• One of the fiber strands in the cable is disconnected.
In a point-to-point link, UDLD hello packets can be considered as a heart beat whose presence guarantees the
health of the link. Conversely, the loss of the heart beat means that the link must be shut down if it is not
possible to reestablish a bidirectional link.
If both fiber strands in a cable are working normally from a Layer 1 perspective, UDLD in aggressive mode
detects whether those fiber strands are connected correctly and whether traffic is flowing bidirectionally
between the correct neighbors. This check cannot be performed by autonegotiation because autonegotiation
operates at Layer 1.
• The no udld port interface configuration command followed by the udld port [aggressive] interface
configuration command reenables the disabled fiber-optic port.
• The errdisable recovery cause udld global configuration command enables the timer to automatically
recover from the UDLD error-disabled state, and the errdisable recovery interval interval global
configuration command specifies the time to recover from the UDLD error-disabled state.
Default UDLD Configuration
UDLD per-port enable state for fiber-optic media | Disabled on all Ethernet fiber-optic ports
UDLD per-port enable state for twisted-pair (copper) media | Disabled on all Ethernet 10/100 and 1000BASE-TX ports
SUMMARY STEPS
1. configure terminal
2. udld {aggressive | enable | message time message-timer-interval}
3. end
DETAILED STEPS
Step 2 udld {aggressive | enable | message time message-timer-interval}
Specifies the UDLD mode of operation:
• aggressive—Enables UDLD in aggressive mode on all fiber-optic ports.
Step 3 end
Example:
Device(config)# end
Enabling UDLD on an Interface
SUMMARY STEPS
1. configure terminal
2. interface interface-id
3. udld port [aggressive]
4. end
DETAILED STEPS
Step 4 end
Example:
Device(config-if)# end
Monitoring and Maintaining UDLD
Standard/RFC Title
None —
MIBs
Feature Information for UDLD
CHAPTER 7
Configuring IEEE 802.1Q Tunneling
• Information About IEEE 802.1Q Tunneling
• How to Configure IEEE 802.1Q Tunneling
• Monitoring Tunneling Status
• Example: Configuring an IEEE 802.1Q Tunneling Port
• Feature History and Information for IEEE 802.1Q Tunneling
IEEE 802.1Q Tunnel Ports in a Service Provider Network
Packets coming from the customer trunk port into the tunnel port on the service-provider edge device are
normally IEEE 802.1Q-tagged with the appropriate VLAN ID. The tagged packets remain intact inside the
device and when they exit the trunk port into the service-provider network, they are encapsulated with another
layer of an IEEE 802.1Q tag (called the metro tag) that contains the VLAN ID that is unique to the customer.
The original customer IEEE 802.1Q tag is preserved in the encapsulated packet. Therefore, packets entering
the service-provider network are double-tagged, with the outer (metro) tag containing the customer’s access
VLAN ID, and the inner VLAN ID being that of the incoming traffic.
When the double-tagged packet enters another trunk port in a service-provider core device, the outer tag is
stripped as the device processes the packet. When the packet exits another trunk port on the same core device,
the same metro tag is again added to the packet.
Figure 27: Original (Normal), IEEE 802.1Q, and Double-Tagged Ethernet Packet Formats
When the packet enters the trunk port of the service-provider egress device, the outer tag is again stripped as
the device internally processes the packet. However, the metro tag is not added when the packet is sent out
the tunnel port on the edge device into the customer network. The packet is sent as a normal IEEE
802.1Q-tagged frame to preserve the original VLAN numbers in the customer network.
In the above network figure, Customer A was assigned VLAN 30, and Customer B was assigned VLAN 40.
Packets entering the edge device tunnel ports with IEEE 802.1Q tags are double-tagged when they enter the
service-provider network, with the outer tag containing VLAN ID 30 or 40, appropriately, and the inner tag
containing the original VLAN number, for example, VLAN 100. Even if both Customers A and B have VLAN
100 in their networks, the traffic remains segregated within the service-provider network because the outer
tag is different. Each customer controls its own VLAN numbering space, which is independent of the VLAN
numbering space used by other customers and the VLAN numbering space used by the service-provider
network.
At the outbound tunnel port, the original VLAN numbers on the customer’s network are recovered. It is
possible to have multiple levels of tunneling and tagging, but the device supports only one level in this release.
If traffic coming from a customer network is not tagged (native VLAN frames), these packets are bridged or
routed as normal packets. All packets entering the service-provider network through a tunnel port on an edge
device are treated as untagged packets, whether they are untagged or already tagged with IEEE 802.1Q headers.
The packets are encapsulated with the metro tag VLAN ID (set to the access VLAN of the tunnel port) when
they are sent through the service-provider network on an IEEE 802.1Q trunk port. The priority field on the
metro tag is set to the interface class of service (CoS) priority configured on the tunnel port. (The default is
zero if none is configured.)
On devices, because 802.1Q tunneling is configured on a per-port basis, it does not matter whether the device
is a standalone device or a stack member. All configuration is done on the stack master.
Native VLANs
When configuring IEEE 802.1Q tunneling on an edge device, you must use IEEE 802.1Q trunk ports for
sending packets into the service-provider network. However, packets going through the core of the
service-provider network can be carried through IEEE 802.1Q trunks, ISL trunks, or nontrunking links. When
IEEE 802.1Q trunks are used in these core devices, the native VLANs of the IEEE 802.1Q trunks must not
match any native VLAN of the nontrunking (tunneling) port on the same device because traffic on the native
VLAN would not be tagged on the IEEE 802.1Q sending trunk port.
In the following network figure, VLAN 40 is configured as the native VLAN for the IEEE 802.1Q trunk port
from Customer X at the ingress edge device in the service-provider network (Device B). Device A of Customer
X sends a tagged packet on VLAN 30 to the ingress tunnel port of Device B in the service-provider network,
which belongs to access VLAN 40. Because the access VLAN of the tunnel port (VLAN 40) is the same as
the native VLAN of the edge device trunk port (VLAN 40), the metro tag is not added to tagged packets
received from the tunnel port. The packet carries only the VLAN 30 tag through the service-provider network
to the trunk port of the egress-edge device (Device C) and is misdirected through the egress device tunnel port
to Customer Y.
Figure 28: Potential Problems with IEEE 802.1Q Tunneling and Native VLANs
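The misdirection described above can be reproduced and audited offline. The following Python code is an added example, not part of the Cisco guide: egress_tags models the tagging decision as this section describes it, and audit_tunnel_native_vlan scans a running configuration for a tunnel port whose access VLAN equals a trunk's native VLAN while vlan dot1q tag native is absent. The function names and the sample configuration are constructed for illustration; unset access and native VLANs are assumed to be the IOS default of VLAN 1.

```python
import re

# Constructed sample: Customer X's tunnel port uses access VLAN 40, and the
# trunk into the provider core also uses VLAN 40 as its native VLAN.
SAMPLE_CONFIG = """\
vlan 30,40
!
interface GigabitEthernet2/0/1
 description customer X tunnel port
 switchport access vlan 40
 switchport mode dot1q-tunnel
!
interface TenGigabitEthernet1/0/1
 description trunk into provider core
 switchport trunk native vlan 40
 switchport mode trunk
!
"""


def egress_tags(customer_tag, tunnel_access_vlan, trunk_native_vlan, tag_native=False):
    """802.1Q tags (outermost first) on a frame that entered a tunnel port and
    leaves the edge device on an 802.1Q trunk."""
    tags = []
    # Native-VLAN traffic leaves a trunk untagged unless 'vlan dot1q tag native'
    # is set, so the metro tag is skipped when it equals the trunk's native VLAN.
    if tag_native or tunnel_access_vlan != trunk_native_vlan:
        tags.append(tunnel_access_vlan)
    if customer_tag is not None:
        tags.append(customer_tag)
    return tags


def core_vlan(tags, trunk_native_vlan):
    """VLAN in which the next device classifies the frame: outer tag, else native."""
    return tags[0] if tags else trunk_native_vlan


def parse_running_config(text):
    """Return (tag_native, {interface: {'mode', 'access', 'native'}})."""
    tag_native, interfaces, current = False, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            name = line.split(None, 1)[1]
            # Assumed IOS defaults: access VLAN 1 and native VLAN 1 when not configured.
            current = interfaces.setdefault(name, {"mode": None, "access": 1, "native": 1})
        elif raw[:1] not in (" ", "\t"):
            current = None  # back at global configuration level
            if line == "vlan dot1q tag native":
                tag_native = True
        elif current is not None:
            m = re.match(r"switchport (mode|access vlan|trunk native vlan) (\S+)$", line)
            if m and m.group(1) == "mode":
                current["mode"] = m.group(2)
            elif m:
                key = "access" if m.group(1) == "access vlan" else "native"
                current[key] = int(m.group(2))
    return tag_native, interfaces


def audit_tunnel_native_vlan(text):
    """List (tunnel_port, trunk_port, vlan) conflicts that let customer frames
    leave the edge device without a metro tag."""
    tag_native, interfaces = parse_running_config(text)
    if tag_native:
        return []
    tunnels = [(n, i["access"]) for n, i in interfaces.items() if i["mode"] == "dot1q-tunnel"]
    trunks = [(n, i["native"]) for n, i in interfaces.items() if i["mode"] == "trunk"]
    return [(t, k, vlan) for t, vlan in tunnels for k, native in trunks if vlan == native]


if __name__ == "__main__":
    # The case from the text: customer tag 30, tunnel access VLAN 40, trunk native VLAN 40.
    leaked = egress_tags(30, 40, 40)
    print("tags without 'vlan dot1q tag native':", leaked, "-> core VLAN", core_vlan(leaked, 40))
    print("tags with 'vlan dot1q tag native':", egress_tags(30, 40, 40, tag_native=True))
    print("conflicts:", audit_tunnel_native_vlan(SAMPLE_CONFIG))
```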
System MTU
The default system MTU for traffic on the device is 1500 bytes.
You can configure 10-Gigabit and Gigabit Ethernet ports to support frames larger than 1500 bytes by using
the system mtu bytes global configuration command.
The system MTU and system jumbo MTU values do not include the IEEE 802.1Q header. Because the IEEE
802.1Q tunneling feature increases the frame size by 4 bytes when the metro tag is added, you must configure
all devices in the service-provider network to be able to process maximum frames by adding 4 bytes to the
system MTU size.
For example, the device supports a maximum frame size of 1496 bytes with this configuration: The device
has a system MTU value of 1500 bytes, and the switchport mode dot1q-tunnel interface configuration
command is configured on a 10-Gigabit or Gigabit Ethernet device port.
Default IEEE 802.1Q Tunneling Configuration
How to Configure IEEE 802.1Q Tunneling
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. switchport access vlan vlan-id
5. switchport mode dot1q-tunnel
6. exit
7. vlan dot1q tag native
8. end
9. Use one of the following:
• show dot1q-tunnel
• show running-config interface
10. show vlan dot1q tag native
11. copy running-config startup-config
DETAILED STEPS
Step 1 enable
Example:
Device> enable
Step 3 interface interface-id
Enters interface configuration mode for the interface to be configured as a tunnel port. This
should be the edge port in the service-provider network that connects to the customer device.
Valid interfaces include physical interfaces and port-channel logical interfaces (port channels
1 to 48).
Example:
Device(config)# interface gigabitethernet2/0/1
Step 5 switchport mode dot1q-tunnel
Sets the interface as an IEEE 802.1Q tunnel port.
Note Use the no switchport mode dot1q-tunnel interface configuration command to return the port
to the default state of dynamic desirable.
Example:
Device(config-if)# switchport mode dot1q-tunnel
Step 6 exit
Example:
Device(config-if)# exit
Step 7 vlan dot1q tag native
(Optional) Sets the device to enable tagging of native VLAN packets on all IEEE 802.1Q trunk
ports. When not set, and a customer VLAN ID is the same as the native VLAN, the trunk port does
not apply a metro tag, and packets could be sent to the wrong destination.
Note Use the no vlan dot1q tag native global configuration command to disable tagging of native
VLAN packets.
Example:
Device(config)# vlan dot1q tag native
Step 8 end
Example:
Device(config)# end
Step 9 Use one of the following:
• show dot1q-tunnel
• show running-config interface
Displays the ports configured for IEEE 802.1Q tunneling. Displays the ports that are in tunnel mode.
Step 10 show vlan dot1q tag native
Displays IEEE 802.1Q native VLAN tagging status.
Step 11 copy running-config startup-config
(Optional) Saves your entries in the configuration file.
Monitoring Tunneling Status
Command | Purpose
show vlan dot1q tag native | Displays the status of native VLAN tagging on the device.
Feature History and Information for IEEE 802.1Q Tunneling
Release Modification
CHAPTER 8
Configuring VXLAN BGP EVPN
• Information About VXLAN BGP EVPN
• Guidelines and Limitations for VXLAN BGP EVPN
• Considerations for VXLAN BGP EVPN deployment
• Configuring VXLAN BGP EVPN
• Examples of VXLAN BGP EVPN (EBGP)
• Feature History and Information for VXLAN BGP EVPN
One of the biggest limitations of VXLAN flood-n-learn is the inherent flooding that is required to ensure that
learning happens at the VTEPs. In a traditional deployment, a layer-2 segment is represented with a VLAN
that comprises a broadcast domain, which also scopes BU traffic. With VXLAN, the layer-2 segment now
spans a much larger boundary across an IP core where floods are translated to IP multicast (or HER).
Consequently, the flood-n-learn based scheme presents serious scale challenges, especially as the number of
end hosts goes up. This is addressed by learning through a control plane that distributes end host addresses.
The control plane of choice is BGP EVPN.
Considerations for VXLAN BGP EVPN deployment
• To establish IP multicast routing in the core, IP multicast configuration, PIM configuration, and RP
configuration are required.
• VTEP to VTEP unicast reachability can be configured through any IGP/BGP protocol.
• If the anycast gateway feature is enabled for a specific VNI, then the anycast gateway feature must be
enabled on all VTEPs that have that VNI configured. Having the anycast gateway feature configured on
only some of the VTEPs enabled for a specific VNI is not supported.
• Before changing the primary or secondary IP address of the NVE source interfaces, you must
shut the NVE interface.
• As a best practice, the RP for the multicast group should be configured only on the spine layer. Use the
anycast RP for RP load balancing and redundancy.
• Every tenant VRF needs a VRF overlay, VLAN and SVI for VXLAN routing.
• The following considerations need to be taken into account with eBGP use case:
• Manual configuration of the Route Targets (RT) is required. RT must be matching between the
VTEPs for a given EVPN instance (EVI).
• The retain route-target all BGP knob must be enabled on the Spine nodes under the BGP routing
process.
• The set ip next-hop unchanged BGP knob must be enabled on Spine nodes to set next hop for
EVPN routes to the proper VTEP node.
• Peering between VTEPs can be achieved to multiple Spine nodes to achieve redundancy.
• In case of a scoped configuration, not all L2 VNIs need to be enabled on all VTEP switches. They will
only be enabled as needed on a given VTEP.
• Route Distinguishers (RD) need to be unique per IP VRF (L3 VNI). Route Targets (RT) must match for
a given IP VRF (L3 VNI). There is no auto-generation of either RD or RT for the case of IP VRF (L3
VNI).
• All VTEP switches need not be configured with same L2 VNIs unless in the scoped configuration. Access
VLANs are the VLANs connected to hosts. Access SVIs must have an IP address with the same subnet
as the hosts the VLAN is connected to. For AnyCast Gateway support, Access SVIs of the same VLAN
should have the same IP and MAC addresses in all VTEPs.
• It is important to configure additional L3 VNIs on all VTEP nodes where Inter-VxLAN communication
is needed.
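The RD, RT and anycast gateway rules in the list above can be checked offline before a change is pushed, which matters because an RT mismatch decides which tenant routes a VRF imports. The following Python code is an added example, not part of the Cisco guide: it parses IOS XE style snippets (constructed sample configs for two hypothetical VTEPs, vtep1 and vtep2) and reports a missing or reused RD, a VRF that imports none of a peer's exported RTs, and access SVIs whose IP or MAC address differs between VTEPs. It assumes every SVI listed is an anycast gateway.

```python
import re
from itertools import permutations

# Constructed sample configs for two hypothetical VTEPs (not taken from the guide).
VTEP1 = """\
vrf definition tenant_1
 rd 1:1
 address-family ipv4
  route-target export 1:1
  route-target import 1:1
  route-target export 1:1 stitching
  route-target import 1:1 stitching
 exit-address-family
!
interface Vlan12
 mac-address 0001.0001.0001
 vrf forwarding tenant_1
 ip address 192.168.2.254 255.255.255.0
"""
# vtep2 carries three deliberate mistakes: a wrong stitching import RT,
# a different SVI MAC, and a second VRF that reuses rd 1:1.
VTEP2 = (VTEP1.replace("import 1:1 stitching", "import 1:2 stitching")
         .replace("0001.0001.0001", "0001.0001.0002")
         + "!\nvrf definition tenant_2\n rd 1:1\n")
FABRIC = {"vtep1": VTEP1, "vtep2": VTEP2}

def parse_vtep(cfg):
    """Extract VRF RD/RT settings and SVI IP/MAC from an IOS XE style config."""
    vrfs, svis, cur = {}, {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):            # top-level line opens a new section
            cur = None
            if m := re.fullmatch(r"vrf definition (\S+)", line):
                cur = vrfs.setdefault(m[1], {"rd": None, "rt": set()})
            elif m := re.fullmatch(r"interface Vlan(\d+)", line):
                cur = svis.setdefault(int(m[1]), {"ip": None, "mac": None})
        elif cur is None:
            continue                              # sub-command of a section we ignore
        elif "rt" in cur:                         # inside "vrf definition"
            if m := re.fullmatch(r"rd (\S+)", line):
                cur["rd"] = m[1]
            elif m := re.fullmatch(r"route-target (import|export) (\S+)( stitching)?", line):
                cur["rt"].add((m[1], m[2], bool(m[3])))
        elif m := re.fullmatch(r"mac-address (\S+)", line):
            cur["mac"] = m[1]
        elif m := re.fullmatch(r"ip address (\S+ \S+)", line):
            cur["ip"] = m[1]
    return vrfs, svis

def rts(vrf, direction, stitching):
    return {v for d, v, s in vrf["rt"] if d == direction and s == stitching}

def audit(fabric):
    """fabric: {vtep_name: config_text}. Returns a sorted list of findings."""
    parsed = {name: parse_vtep(cfg) for name, cfg in fabric.items()}
    findings = []
    # Rule: RD is configured manually and is unique per IP VRF on a VTEP.
    for name, (vrfs, _) in parsed.items():
        seen = {}
        for vrf, data in vrfs.items():
            if data["rd"] is None:
                findings.append(f"{name}: vrf {vrf} has no rd")
            elif data["rd"] in seen:
                findings.append(f"{name}: rd {data['rd']} shared by vrf {seen[data['rd']]} and {vrf}")
            else:
                seen[data["rd"]] = vrf
    # Rule: RTs must match between VTEPs (checked per direction, plain and stitching).
    for (a, (vrfs_a, _)), (b, (vrfs_b, _)) in permutations(parsed.items(), 2):
        for vrf in sorted(vrfs_a.keys() & vrfs_b.keys()):
            for stitching in (False, True):
                exported = rts(vrfs_a[vrf], "export", stitching)
                if exported and not exported & rts(vrfs_b[vrf], "import", stitching):
                    kind = "stitching " if stitching else ""
                    findings.append(f"{b}: vrf {vrf} imports none of the {kind}RTs exported by {a}")
    # Rule: access SVIs of the same VLAN share IP and MAC on all VTEPs.
    by_vlan = {}
    for name, (_, svis) in parsed.items():
        for vlan, svi in svis.items():
            by_vlan.setdefault(vlan, {})[name] = (svi["ip"], svi["mac"])
    for vlan, owners in by_vlan.items():
        if len(set(owners.values())) > 1:
            findings.append(f"Vlan{vlan}: SVI ip/mac differ across VTEPs: {sorted(owners.items())}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(FABRIC)))
```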
Network considerations for VXLAN deployments
Configuring VXLAN BGP EVPN
• Advertise the loopback interface /32 addresses through the routing protocol (static route) that runs
in the transport network.
• Enable IP multicast on the uplink outgoing physical interface.
Note: This configuration is applicable to Cisco Nexus Series Switches and is not applicable to Cisco Catalyst 9000
Family Switches.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip pim rp-address rp-address group-list prefix
4. ip pim rp-candidate loopback if_number group-list prefix
5. ip pim ssm range groups
6. ip pim anycast-rp rp-address anycast-rp-peer-address
7. interface loopback number
8. ip address ip address
9. ip pim sparse-mode
10. exit
11. interface port-channel channel-number
12. mtu bytes
13. medium p2p
14. ip address ip-address mask
15. ip pim sparse-mode
16. exit
DETAILED STEPS
Configuring Underlay Transport (Unicast and Multicast) between the VTEPs and the Spines
Step 3 ip pim rp-address rp-address group-list prefix
Configures a PIM static rendezvous point (RP) address for a multicast group range and specifies a group range for a static RP.
Example:
Device(config)# ip pim rp-address 100.1.1.1 group-list 239.0.0.0/8
Step 4 ip pim rp-candidate loopback if_number group-list prefix
Configures a PIM address as an RP candidate. Specifies the loopback interface. Specifies a group range handled by the RP.
Example:
Device(config)# ip pim rp-candidate loopback1 group-list 239.0.0.0/8
Step 5 ip pim ssm range groups
Configures a group range for SSM.
Example:
Device(config)# ip pim ssm range 232.0.0.0/8
Step 6 ip pim anycast-rp rp-address anycast-rp-peer-address
Configures PIM Anycast-RP peer for the specified Anycast-RP address.
Example:
Device(config)# ip pim anycast-rp 100.1.1.1 10.1.1.1
Step 7 interface loopback number
Creates a loopback interface and enters interface configuration mode.
Example:
Device(config)# interface loopback0
Step 9 ip pim sparse-mode
Enables Protocol Independent Multicast (PIM) sparse mode on an interface.
Example:
Device(config-if)# ip pim sparse-mode
Step 11 interface port-channel channel-number
Specifies the port-channel interface to configure, and enters the interface configuration mode.
Example:
Step 15 ip pim sparse-mode
Enables Protocol Independent Multicast (PIM) sparse mode on an interface.
Example:
Device(config-if)# ip pim sparse-mode
Configuring the VTEP
DETAILED STEPS
Step 4 ip pim rp-address rp-address
Configures a PIM static rendezvous point (RP) address for a multicast group range. The RP address used in this step should be the same one used on the spine.
Example:
Device(config)# ip pim rp-address 100.1.1.1
Step 6 interface loopback number
Creates a loopback interface and enters interface configuration mode. This loopback interface is assigned to the NVE interface.
Example:
Device(config)# interface Loopback0
Step 8 ip pim sparse-mode
Enables Protocol Independent Multicast (PIM) sparse mode on an interface.
Example:
Device(config-if)# ip pim sparse-mode
Step 10 interface loopback number
Creates a loopback interface and enters interface configuration mode. This loopback interface is assigned to the L3 VNI.
Example:
Device(config)# interface Loopback2
Step 11 ip vrf forwarding vrf name
Associates the VRF with the Layer 3 interface.
Example:
Configuring eBGP on the Spine:
Note: This configuration is applicable to Cisco Nexus Series Switches and is not applicable to Cisco Catalyst 9000
Family Switches.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip prefix-list name [seq number] {permit | deny} prefix [eq length] | [ge length] | [le length]]
4. route-map name {permit | deny} [sequence-number]
5. set ip next-hop unchanged
6. exit
7. route-map name {permit | deny} [sequence number]
8. match ip address prefix-list name [name]
9. exit
10. router bgp number
11. router-id {router id}
12. bgp log-neighbor-changes
13. address-family ipv4 unicast
14. redistribute direct [route-map map-name]
15. exit
16. address-family l2vpn evpn
17. nexthop route-map name
18. retain route-target all
19. exit
20. neighbor vtep1 loopback address remote-as number
21. neighbor ip-address update-source interface-type interface-number
22. neighbor {ip address | peer-group-name} ebgp-multihop [ttl]
23. address-family ipv4 unicast
24. neighbor {ip address | peer-group-name} send-community both
25. soft-reconfiguration inbound
26. exit
27. address-family l2vpn evpn
28. neighbor {ip address | peer-group-name} send-community both
29. neighbor {ip address | peer-group-name} route-map map-name {in | out}
30. exit
DETAILED STEPS
Step 3 ip prefix-list name [seq number] {permit | deny} prefix [eq length] | [ge length] | [le length]]
Creates a prefix list to match IP packets or routes against.
Example:
Step 4 route-map name {permit | deny} [sequence-number]
Creates the route map entry. Enters route-map configuration mode.
Example:
Device(config)# route-map NH-UNCHANGED permit 10
Step 5 set ip next-hop unchanged
Defines the route-map and applies outbound policy for neighbor.
Example:
Device(config-route-map)# set ip next-hop unchanged
Step 7 route-map name {permit | deny} [sequence number]
Creates the route map entry. Enters route-map configuration mode.
Example:
Device(config)# route-map any_prefix permit 10
Step 8 match ip address prefix-list name [name]
Matches against one or more IP address prefix lists.
Example:
Device(config-route-map)# match ip address prefix-list lo_prefix
Step 11 router-id {router id}
Specifies a fixed router ID in the router configuration mode.
Example:
Device(config-router)# router-id 10.1.1.1
Step 13 address-family ipv4 unicast
Enters address family configuration mode and specifies IP Version 4 unicast address prefixes.
Example:
Device(config-router)# address-family ipv4 unicast
Step 16 address-family l2vpn evpn
Specifies the L2VPN address family and enters address family configuration mode. The evpn keyword specifies that EVPN endpoint provisioning information is to be distributed to BGP peers.
Example:
Device(config-router)# address-family l2vpn evpn
Step 17 nexthop route-map name
Specifies that Border Gateway Protocol (BGP) routes are resolved using only the next hops that have routes that match specific characteristics.
Example:
Device(config-router-af)# nexthop route-map NH-UNCHANGED
Step 18 retain route-target all
Accepts received updates with specified route targets.
Example:
Device(config-router-af)# retain route-target all
Step 20 neighbor vtep1 loopback address remote-as number
Adds an entry to the BGP or multiprotocol BGP neighbor table in the router configuration mode.
Example:
Device(config-router)# neighbor 10.11.11.11 remote-as 2
Step 21 neighbor ip-address update-source interface-type interface-number
Allows BGP sessions to use any operational interface for TCP connections.
Example:
Device(config-router)# neighbor 10.11.11.11 update-source loopback0
Step 22 neighbor {ip address | peer-group-name} ebgp-multihop [ttl]
Allows BGP connections to external peers on networks that are not directly connected.
Example:
Device(config-router)# neighbor 10.11.11.11 ebgp-multihop 10
Step 23 address-family ipv4 unicast
Enters address family configuration mode and specifies IP Version 4 unicast address prefixes.
Example:
Step 24 neighbor {ip address | peer-group-name} send-community both
Specifies that both standard and extended communities attributes should be sent to a BGP neighbor.
Example:
Device(config-router-af)# neighbor 10.11.11.11 send-community both
Step 25 soft-reconfiguration inbound
Configures the switch software to start storing BGP peer updates.
Example:
Device(config-router-af)# soft-reconfiguration inbound
Step 27 address-family l2vpn evpn
Specifies the L2VPN address family and enters address family configuration mode. The evpn keyword specifies that EVPN endpoint provisioning information is to be distributed to BGP peers.
Example:
Device(config-router)# address-family l2vpn evpn
Step 28 neighbor {ip address | peer-group-name} send-community both
Specifies that both standard and extended communities attributes should be sent to a BGP neighbor.
Example:
Device(config-router-af)# neighbor 10.11.11.11 send-community both
Step 29 neighbor {ip address | peer-group-name} route-map map-name {in | out}
Applies the inbound route map to routes received from the specified neighbor, or applies an outbound route map to routes advertised to the specified neighbor.
Example:
Device(config-router-af)# neighbor 10.11.11.11 route-map NH-UNCHANGED out
Configuring eBGP on the VTEP
5. bgp log-neighbor-changes
6. bgp graceful-restart
7. neighbor spine 1 loopback address remote-as number
8. neighbor {ip address | peer-group-name} ebgp-multihop [ttl]
9. neighbor {ip address | group-name} update-source interface
10. address-family ipv4
11. redistribute connected
12. neighbor ip-address activate
13. exit
14. address-family l2vpn evpn
15. neighbor ip-address activate
16. neighbor ip-address send-community both
17. maximum-paths number-of-paths
18. exit
19. address-family ipv4 vrf vrf-name
20. advertise l2vpn evpn
21. redistribute connected
22. exit
DETAILED STEPS
Step 4 bgp router-id interface loopback address
Specifies loopback address as router address.
Example:
Device(config-router)# bgp router-id interface Loopback0
Step 6 bgp graceful-restart
Enables the BGP graceful restart capability for a BGP neighbor.
Example:
Step 7 neighbor spine 1 loopback address remote-as number
Defines MP-BGP neighbors. Under each neighbor define l2vpn evpn.
Example:
Device(config-router)# neighbor 10.1.1.1 remote-as 1
Step 8 neighbor {ip address | peer-group-name} ebgp-multihop [ttl]
Allows BGP connections to external peers on networks that are not directly connected.
Example:
Device(config-router)# neighbor 10.1.1.1 ebgp-multihop 10
Step 9 neighbor {ip address | group-name} update-source interface
Configures update source. Update source can be configured per neighbor or per peer-group.
Example:
Device(config-router)# neighbor 10.1.1.1 update-source Loopback0
Step 12 neighbor ip-address activate
Enables the exchange of information from a BGP neighbor.
Example:
Device(config-router-af)# neighbor 10.1.1.1 activate
Step 14 address-family l2vpn evpn
Specifies the L2VPN address family and enters address family configuration mode.
Example:
Device(config-router)# address-family l2vpn evpn
Step 15 neighbor ip-address activate
Enables the exchange of information from a BGP neighbor.
Example:
Device(config-router-af)# neighbor 10.1.1.1 activate
Step 19 address-family ipv4 vrf vrf-name
Specifies the name of the VRF instance to associate with subsequent address family configuration mode commands.
Example:
Device(config-router)# address-family ipv4 vrf tenant_1
Step 20 advertise l2vpn evpn
Advertises (L2VPN) EVPN routes within a tenant VRF in a VXLAN EVPN fabric.
Example:
Device(config-router-af)# advertise l2vpn evpn
Configuring the NVE Interface and VNIs
DETAILED STEPS
Step 6 host-reachability protocol bgp
Defines BGP as the mechanism for host reachability advertisement.
Example:
Device(config-if)# host-reachability protocol bgp
Step 7 member vni vni associate-vrf
Adds Layer-3 VNIs, one per tenant VRF, to the overlay.
Note: Required for VXLAN routing only.
Example:
Device(config-if)# member vni 900001 vrf tenant_1
Step 8 member vni vni mcast-group address
Adds Layer 2 VNIs to the tunnel interface and assigns a multicast group to the VNIs.
Example:
Device(config-if)# member vni 11001 mcast-group 239.0.1.1
Configuring L2VPN EVPN on all VTEPs
6. exit
7. l2vpn evpn instance instance-number vlan-based
8. encapsulation vxlan
9. route-target export route-target-id
10. route-target import route-target-id
11. no auto-route-target
12. exit
13. vlan configuration vlan-id
14. member evpn-instance evpn-instance-number vni vni-number
DETAILED STEPS
Step 4 replication-type static
Suppresses use of Inclusive Multicast Ethernet Tag (IMET) routes. IP Multicast is used for BUM traffic.
Example:
Device(config-l2vpn)# replication-type static
Step 5 router-id loopback number
Specifies the interface that will supply the IP addresses to be used in auto-generating route distinguishers.
Example:
Device(config-l2vpn)# router-id Loopback1
Step 7 l2vpn evpn instance instance-number vlan-based
Configures VLAN based EVI in the L2VPN configuration mode. This command is optional if the route targets or the route distinguishers do not need to be configured manually.
Example:
Device(config)# l2vpn evpn instance 1 vlan-based
Configuring access customer facing VLAN VTEP
DETAILED STEPS
Step 3 interface gigabitethernet slot/port
Enters the interface configuration mode on the Gigabit Ethernet interface.
Example:
Device(config)# interface GigabitEthernet1/0/11
Step 4 switchport access vlan vlan-id
Sets the access VLAN when the interface is in access mode.
Example:
Device(config-if)# switchport access vlan 11
Step 5 switchport mode access
Sets the interface as a nontrunking nontagged single-VLAN Ethernet interface.
Example:
Device(config-if)# switchport mode access
Step 7 interface gigabitethernet slot/port
Enters the interface configuration mode on the Gigabit Ethernet interface.
Example:
Device(config)# interface TenGigabitEthernet1/1/7
Step 8 switchport trunk allowed vlan vlan_list
Configures the VLAN IDs of the allowed VLANs for the interface.
Example:
Device(config-if)# switchport trunk allowed vlan 11-210,901-905
Step 9 switchport mode trunk
Sets the interface as an Ethernet trunk port.
Example:
Device(config-if)# switchport mode trunk
Configuring IP VRF on VTEPs for Inter-VxLAN routing
2. configure terminal
3. vrf definition vrf-name
4. rd route-distinguisher
5. address-family ipv4
6. route-target export route-target-id
7. route-target import route-target-id
8. route-target import route-target-id stitching
9. route-target export route-target-id stitching
10. exit-address-family
DETAILED STEPS
Step 6 route-target export route-target-id
Creates a list of export RTs for the VRF with the same parameters.
Example:
Device(config-vrf-af)# route-target export 1:1
Step 7 route-target import route-target-id
Creates a list of import RTs for the VRF with the same parameters.
Example:
Device(config-vrf-af)# route-target import 1:1
Step 8 route-target import route-target-id stitching
Configures importing of routes from the EVPN BGP that have the matching route-target value.
Example:
Device(config-vrf-af)# route-target import 1:1 stitching
Verifying the VXLAN BGP EVPN Configuration
show l2vpn evpn evi [evpn-id | all]
    Displays detailed information for a particular EVI or all EVIs.
show mac address-table vlan vlan id
    Displays information for a specific VLAN.
show l2route evpn mac [all | evi vlan-id]
    Displays MAC and IP address information learnt by the switch in the EVPN control plane.
show bgp l2vpn evpn
    Displays BGP information for L2VPN-EVPN address family.
show bgp vpnv4 unicast vrf vrf-name
    Displays VPNv4 routes from BGP table for a specific vrf.
show ip route vrf vrf-name
    Displays the IP routing table associated with a specific VRF.
Command
    Purpose
show l2vpn evpn mac
    Displays the MAC address database for Layer 2 EVPN.
show l2vpn evpn mac ip
    Displays the IP address database for Layer 2 EVPN.
Note: Although the show ip bgp command is available for verifying a BGP configuration, as a best practice, it is
preferable to use the show bgp command instead.
Examples of VXLAN BGP EVPN (EBGP)
Example: Configuring Underlay Transport (Unicast and Multicast) between all the VTEPs and the Spine(s):
Note: The following Spine configuration is applicable to Cisco Nexus Series Switches and is not applicable to Cisco
Catalyst 9000 Family Switches.
ip pim sparse-mode
!
interface TenGigabitEthernet1/1/2
 no switchport
 no ip address
 channel-group 1 mode active
!
interface TenGigabitEthernet1/1/3
 no switchport
 no ip address
 channel-group 11 mode active
Example: Configuring eBGP with EVPN address family between the Spine(s) and VTEPs:
Configuring the spine
Note: The following Spine configuration is applicable to Cisco Nexus Series Switches and is not applicable to Cisco
Catalyst 9000 Family Switches.
Example: Configuring NVE on all VTEPs
Example: Configuring additional VNI, EVI and VLAN on VTEPs
Example: Configuring additional L3-VNI in NVE interfaces
!
interface Vlan12
 description vni_11002
 mac-address 0001.0001.0001
 vrf forwarding tenant_1
 ip address 192.168.2.254 255.255.255.0
Example: Configuring iBGP/IGP EVPN VxLAN design model
Note: The following Spine configuration is applicable to Cisco Nexus Series Switches and is not applicable to Cisco
Catalyst 9000 Family Switches.
feature-set fabric
hostname spine-1
!
feature telnet
feature scp-server
feature fabric forwarding
nv overlay evpn
feature ospf
feature bgp
feature pim
feature ipp
feature isis
feature fabric multicast
feature interface-vlan
feature lldp
feature fabric access
feature nv overlay
feature nxapi
!
ip pim rp-address 4.5.4.5 group-list 224.0.0.0/4
!
vlan 1
!
interface Vlan1
!
interface Ethernet1/1
  ip address 10.14.1.4/24
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
!
interface loopback0
  ip address 4.4.4.4/32
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
interface loopback1
  ip address 4.5.4.5/32
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
!
router ospf 1
  router-id 4.4.4.4
!
router bgp 100
  router-id 4.4.4.4
  address-family l2vpn evpn
  neighbor 1.1.1.1 remote-as 100
    update-source loopback0
    address-family ipv4 unicast
      send-community both
      route-reflector-client
    address-family l2vpn evpn
      send-community both
      route-reflector-client
Example: Verifying L2/L3 VNI in NVE
# show ip mfib
Forwarding Counts: Pkt Count/Pkts per second/Avg Pkt Size/Kbits per second
Other counts: Total/RPF failed/Other drops
I/O Item Counts: FS Pkt Count/PS Pkt Count
Default
(*,224.0.0.0/4) Flags: C HW
SW Forwarding: 0/0/0/0, Other: 0/0/0
HW Forwarding: 0/0/0/0, Other: 0/0/0
(*,224.0.1.40) Flags: C HW
SW Forwarding: 0/0/0/0, Other: 0/0/0
HW Forwarding: 0/0/0/0, Other: 0/0/0
Port-channel11 Flags: A NS
Loopback0 Flags: F IC NS
Pkts: 0/0
(*,239.0.1.1) Flags: C HW
SW Forwarding: 0/0/0/0, Other: 0/0/0
HW Forwarding: 187/0/190/0, Other: 0/0/0
Port-channel11 Flags: A NS
Example: Verifying EVPN Instance in EVPN Manager
Example: Verifying MAC Table
Example: Verifying IP VRF with all SVIs
Example: Verifying Remote MAC/IP and IP Prefix routes in L3VNI (IP VRF)
# show bgp vpnv4 unicast vrf tenant_1------- not all routes will be shown
BGP table version is 8583, local router ID is 10.11.11.11
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf tenant_1)
AF-Private Import to Address-Family: L2VPN E-VPN, Pfx Count/Limit: 11/1000
*> 11.11.11.11/32 0.0.0.0 0 32768 ?
*> 11.22.22.22/32 100.22.22.22 0 1 3 ?
*> 11.33.33.33/32 100.33.33.33 0 1 4 ?
*> 11.44.44.44/32 100.44.44.44 0 1 4 ?
* 192.168.1.0 100.44.44.44 0 1 4 ?
* 100.33.33.33 0 1 4 ?
* 100.22.22.22 0 1 3 ?
*> 0.0.0.0 0 32768 ?
*> 192.168.1.2/32 100.22.22.22 0 1 3 ?
*> 192.168.1.3/32 100.33.33.33 0 1 4 ?
*> 192.168.1.4/32 100.44.44.44 0 1 4 ?
* 192.168.2.0 100.44.44.44 0 1 4 ?
* 100.33.33.33 0 1 4 ?
* 100.22.22.22 0 1 3 ?
*> 0.0.0.0 0 32768 ?
Example: Verifying MAC/IP entries in EVPN Manager